+<svg xmlns="" xmlns:xlink="" version="1.1" width="822px" height="721px" viewBox="-0.5 -0.5 822 721" content="&lt;mxfile host=&quot;; modified=&quot;2024-04-24T09:57:06.901Z&quot; agent=&quot;Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36&quot; etag=&quot;idLHjtmgS96FVphwHZih&quot; scale=&quot;1&quot; border=&quot;0&quot; version=&quot;24.2.8&quot; type=&quot;device&quot;&gt;&#10;  &lt;diagram name=&quot;Page-1&quot; id=&quot;0ahoYHhgpX2lhLgWHN-l&quot;&gt;&#10;    &lt;mxGraphModel dx=&quot;1217&quot; dy=&quot;581&quot; grid=&quot;1&quot; gridSize=&quot;10&quot; guides=&quot;1&quot; tooltips=&quot;1&quot; connect=&quot;1&quot; arrows=&quot;1&quot; fold=&quot;1&quot; page=&quot;1&quot; pageScale=&quot;1&quot; pageWidth=&quot;850&quot; pageHeight=&quot;1100&quot; math=&quot;0&quot; shadow=&quot;0&quot;&gt;&#10;      &lt;root&gt;&#10;        &lt;mxCell id=&quot;0&quot; /&gt;&#10;        &lt;mxCell id=&quot;1&quot; parent=&quot;0&quot; /&gt;&#10;        &lt;mxCell id=&quot;6NZ_8cFfOJs-itlOXwdO-31&quot; value=&quot;&quot; style=&quot;rounded=0;whiteSpace=wrap;html=1;dashed=1&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;141&quot; y=&quot;150&quot; width=&quot;690&quot; height=&quot;720&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;2&quot; value=&quot;Kyma Environment Broker&quot; style=&quot;rounded=0;whiteSpace=wrap;html=1;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;170&quot; y=&quot;280&quot; width=&quot;120&quot; height=&quot;60&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;3&quot; value=&quot;BTP&quot; style=&quot;rounded=0;whiteSpace=wrap;html=1;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;10&quot; y=&quot;280&quot; width=&quot;120&quot; height=&quot;60&quot; 
as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;4&quot; value=&quot;Kyma Infrastructure Manager&quot; style=&quot;rounded=0;whiteSpace=wrap;html=1;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;510&quot; y=&quot;360&quot; width=&quot;120&quot; height=&quot;60&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;5&quot; value=&quot;&quot; style=&quot;shape=flexArrow;endArrow=classic;html=1;rounded=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;&quot; parent=&quot;1&quot; source=&quot;3&quot; target=&quot;2&quot; edge=&quot;1&quot;&gt;&#10;          &lt;mxGeometry width=&quot;50&quot; height=&quot;50&quot; relative=&quot;1&quot; as=&quot;geometry&quot;&gt;&#10;            &lt;mxPoint x=&quot;130&quot; y=&quot;460&quot; as=&quot;sourcePoint&quot; /&gt;&#10;            &lt;mxPoint x=&quot;180&quot; y=&quot;410&quot; as=&quot;targetPoint&quot; /&gt;&#10;          &lt;/mxGeometry&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;7&quot; value=&quot;&quot; style=&quot;shape=flexArrow;endArrow=classic;html=1;rounded=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;&quot; parent=&quot;1&quot; source=&quot;2&quot; edge=&quot;1&quot;&gt;&#10;          &lt;mxGeometry width=&quot;50&quot; height=&quot;50&quot; relative=&quot;1&quot; as=&quot;geometry&quot;&gt;&#10;            &lt;mxPoint x=&quot;320&quot; y=&quot;290&quot; as=&quot;sourcePoint&quot; /&gt;&#10;            &lt;mxPoint x=&quot;340&quot; y=&quot;310&quot; as=&quot;targetPoint&quot; /&gt;&#10;          &lt;/mxGeometry&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;8&quot; value=&quot;&quot; style=&quot;shape=flexArrow;endArrow=classic;startArrow=classic;html=1;rounded=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;entryX=0.596;entryY=-0.017;entryDx=0;entryDy=0;entryPerimeter=0;&quot; parent=&quot;1&quot; target=&quot;4&quot; edge=&quot;1&quot;&gt;&#10;          &lt;mxGeometry 
width=&quot;100&quot; height=&quot;100&quot; relative=&quot;1&quot; as=&quot;geometry&quot;&gt;&#10;            &lt;mxPoint x=&quot;520&quot; y=&quot;310&quot; as=&quot;sourcePoint&quot; /&gt;&#10;            &lt;mxPoint x=&quot;670&quot; y=&quot;240&quot; as=&quot;targetPoint&quot; /&gt;&#10;            &lt;Array as=&quot;points&quot;&gt;&#10;              &lt;mxPoint x=&quot;582&quot; y=&quot;310&quot; /&gt;&#10;            &lt;/Array&gt;&#10;          &lt;/mxGeometry&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;9&quot; value=&quot;Gardener&quot; style=&quot;whiteSpace=wrap;html=1;aspect=fixed;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;750&quot; y=&quot;350&quot; width=&quot;80&quot; height=&quot;80&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;10&quot; value=&quot;&quot; style=&quot;shape=flexArrow;endArrow=classic;html=1;rounded=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;entryX=0;entryY=0.5;entryDx=0;entryDy=0;&quot; parent=&quot;1&quot; source=&quot;4&quot; target=&quot;9&quot; edge=&quot;1&quot;&gt;&#10;          &lt;mxGeometry width=&quot;50&quot; height=&quot;50&quot; relative=&quot;1&quot; as=&quot;geometry&quot;&gt;&#10;            &lt;mxPoint x=&quot;660&quot; y=&quot;380&quot; as=&quot;sourcePoint&quot; /&gt;&#10;            &lt;mxPoint x=&quot;710&quot; y=&quot;330&quot; as=&quot;targetPoint&quot; /&gt;&#10;          &lt;/mxGeometry&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;12&quot; value=&quot;&quot; style=&quot;shape=flexArrow;endArrow=classic;startArrow=classic;html=1;rounded=0;fontSize=12;startSize=8;endSize=8;exitX=0.5;exitY=1;exitDx=0;exitDy=0;entryX=0.5;entryY=0;entryDx=0;entryDy=0;entryPerimeter=0;&quot; parent=&quot;1&quot; source=&quot;4&quot; edge=&quot;1&quot;&gt;&#10;          &lt;mxGeometry width=&quot;100&quot; height=&quot;100&quot; relative=&quot;1&quot; as=&quot;geometry&quot;&gt;&#10;            
&lt;mxPoint x=&quot;700&quot; y=&quot;570&quot; as=&quot;sourcePoint&quot; /&gt;&#10;            &lt;mxPoint x=&quot;570&quot; y=&quot;490&quot; as=&quot;targetPoint&quot; /&gt;&#10;          &lt;/mxGeometry&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;13&quot; value=&quot;Create CR&quot; style=&quot;text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontSize=12;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;290&quot; y=&quot;380&quot; width=&quot;90&quot; height=&quot;30&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;14&quot; value=&quot;Create CR&quot; style=&quot;text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontSize=12;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;600&quot; y=&quot;460&quot; width=&quot;60&quot; height=&quot;30&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;15&quot; value=&quot;1&quot; style=&quot;ellipse;whiteSpace=wrap;html=1;aspect=fixed;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;310&quot; y=&quot;340&quot; width=&quot;40&quot; height=&quot;40&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;16&quot; value=&quot;2&quot; style=&quot;ellipse;whiteSpace=wrap;html=1;aspect=fixed;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;590&quot; y=&quot;290&quot; width=&quot;40&quot; height=&quot;40&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;17&quot; value=&quot;3&quot; style=&quot;ellipse;whiteSpace=wrap;html=1;aspect=fixed;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;660&quot; y=&quot;340&quot; width=&quot;40&quot; height=&quot;40&quot; as=&quot;geometry&quot; /&gt;&#10;        
&lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;18&quot; value=&quot;Start provisioning&quot; style=&quot;text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontSize=12;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;540&quot; y=&quot;260&quot; width=&quot;140&quot; height=&quot;30&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;19&quot; value=&quot;Create shoot CR&quot; style=&quot;text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontSize=12;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;620&quot; y=&quot;310&quot; width=&quot;140&quot; height=&quot;30&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;20&quot; style=&quot;edgeStyle=none;curved=1;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;exitX=0.5;exitY=0;exitDx=0;exitDy=0;fontSize=12;startSize=8;endSize=8;&quot; parent=&quot;1&quot; source=&quot;17&quot; target=&quot;17&quot; edge=&quot;1&quot;&gt;&#10;          &lt;mxGeometry relative=&quot;1&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;21&quot; value=&quot;4&quot; style=&quot;ellipse;whiteSpace=wrap;html=1;aspect=fixed;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;610&quot; y=&quot;427&quot; width=&quot;40&quot; height=&quot;40&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;22&quot; value=&quot;&quot; style=&quot;shape=flexArrow;endArrow=classic;html=1;rounded=0;fontSize=12;startSize=8;endSize=8;exitX=0;exitY=0.5;exitDx=0;exitDy=0;entryX=0.625;entryY=0.988;entryDx=0;entryDy=0;entryPerimeter=0;&quot; parent=&quot;1&quot; source=&quot;4&quot; target=&quot;9&quot; edge=&quot;1&quot;&gt;&#10;          &lt;mxGeometry width=&quot;50&quot; height=&quot;50&quot; relative=&quot;1&quot; 
as=&quot;geometry&quot;&gt;&#10;            &lt;mxPoint x=&quot;420&quot; y=&quot;530&quot; as=&quot;sourcePoint&quot; /&gt;&#10;            &lt;mxPoint x=&quot;470&quot; y=&quot;480&quot; as=&quot;targetPoint&quot; /&gt;&#10;            &lt;Array as=&quot;points&quot;&gt;&#10;              &lt;mxPoint x=&quot;440&quot; y=&quot;390&quot; /&gt;&#10;              &lt;mxPoint x=&quot;440&quot; y=&quot;590&quot; /&gt;&#10;              &lt;mxPoint x=&quot;800&quot; y=&quot;590&quot; /&gt;&#10;            &lt;/Array&gt;&#10;          &lt;/mxGeometry&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;23&quot; value=&quot;5&quot; style=&quot;ellipse;whiteSpace=wrap;html=1;aspect=fixed;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;379&quot; y=&quot;440&quot; width=&quot;40&quot; height=&quot;40&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;24&quot; value=&quot;Fetch kubeconfig&quot; style=&quot;text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontSize=12;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;369&quot; y=&quot;480&quot; width=&quot;60&quot; height=&quot;30&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;uJiPobTpmp8qSl2DZlkU-25&quot; value=&quot;GardenerCluster CRD&amp;amp;nbsp;contains details of the cluster&quot; style=&quot;shape=document;whiteSpace=wrap;html=1;boundedLbl=1;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;370&quot; y=&quot;190&quot; width=&quot;120&quot; height=&quot;80&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;uJiPobTpmp8qSl2DZlkU-26&quot; value=&quot;GardenerClusterKubeconfig&amp;amp;nbsp;CRD contains details for fetching kubeconfig. 
&amp;lt;b&amp;gt;Mind currently GardenerCluster is used for that&amp;amp;nbsp;&amp;lt;/b&amp;gt;&quot; style=&quot;shape=document;whiteSpace=wrap;html=1;boundedLbl=1;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;515&quot; y=&quot;620&quot; width=&quot;190&quot; height=&quot;200&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;6NZ_8cFfOJs-itlOXwdO-32&quot; value=&quot;Kyma Control Plane&quot; style=&quot;text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontSize=16;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;640&quot; y=&quot;160&quot; width=&quot;170&quot; height=&quot;30&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;nGG45oqGqh6GDVyRlN8J-24&quot; value=&quot;GardenerClusterKubeconfig CR&quot; style=&quot;rounded=0;whiteSpace=wrap;html=1;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;485&quot; y=&quot;490&quot; width=&quot;170&quot; height=&quot;60&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;nGG45oqGqh6GDVyRlN8J-25&quot; value=&quot;GardenerClusterCR&quot; style=&quot;rounded=0;whiteSpace=wrap;html=1;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;340&quot; y=&quot;280&quot; width=&quot;180&quot; height=&quot;60&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;      &lt;/root&gt;&#10;    &lt;/mxGraphModel&gt;&#10;  &lt;/diagram&gt;&#10;&lt;/mxfile&gt;&#10;"><defs/><g><g><rect x="131" y="0" width="690" height="720" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-dasharray="3 3" pointer-events="all"/></g><g><rect x="160" y="130" width="120" height="60" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject 
pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 160px; margin-left: 161px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Kyma Environment Broker</div></div></div></foreignObject><text x="220" y="164" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Kyma Environment Bro...</text></switch></g></g><g><rect x="0" y="130" width="120" height="60" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 160px; margin-left: 1px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">BTP</div></div></div></foreignObject><text x="60" y="164" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">BTP</text></switch></g></g><g><rect x="500" y="210" width="120" height="60" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: 
left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 240px; margin-left: 501px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Kyma Infrastructure Manager</div></div></div></foreignObject><text x="560" y="244" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Kyma Infrastructure...</text></switch></g></g><g><path d="M 120.5 165 L 120.5 155 L 140.5 155 L 140.5 144.5 L 159.5 160 L 140.5 175.5 L 140.5 165 Z" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g><g><path d="M 280.5 165 L 280.5 155 L 310.5 155 L 310.5 144.5 L 329.5 160 L 310.5 175.5 L 310.5 165 Z" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g><g><path d="M 529.5 165 L 529.5 175.5 L 510.5 160 L 529.5 144.5 L 529.5 155 L 577.05 155 L 576.71 189.53 L 587.21 189.63 L 571.52 208.48 L 556.21 189.33 L 566.71 189.43 L 566.95 165 Z" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="1.42" pointer-events="all"/><path d="M 529.5 165 L 529.5 175.5 L 510.5 160 L 529.5 144.5 L 529.5 155" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="4" pointer-events="all"/><path d="M 576.71 189.53 L 587.21 189.63 L 571.52 208.48 L 556.21 189.33 L 566.71 189.43" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="4" pointer-events="all"/></g><g><rect x="740" y="200" width="80" height="80" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe 
center; justify-content: unsafe center; width: 78px; height: 1px; padding-top: 240px; margin-left: 741px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Gardener</div></div></div></foreignObject><text x="780" y="244" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Gardener</text></switch></g></g><g><path d="M 620.5 245 L 620.5 235 L 720.5 235 L 720.5 224.5 L 739.5 240 L 720.5 255.5 L 720.5 245 Z" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g><g><path d="M 555 295.5 L 544.5 295.5 L 560 270.5 L 575.5 295.5 L 565 295.5 L 565 314.5 L 575.5 314.5 L 560 339.5 L 544.5 314.5 L 555 314.5 Z" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g><g><rect x="280" y="230" width="90" height="30" fill="none" stroke="none" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 88px; height: 1px; padding-top: 245px; margin-left: 281px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Create CR</div></div></div></foreignObject><text x="325" y="249" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Create CR</text></switch></g></g><g><rect x="590" y="310" width="60" height="30" fill="none" stroke="none" 
pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 58px; height: 1px; padding-top: 325px; margin-left: 591px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Create CR</div></div></div></foreignObject><text x="620" y="329" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Create CR</text></switch></g></g><g><ellipse cx="320" cy="210" rx="20" ry="20" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 38px; height: 1px; padding-top: 210px; margin-left: 301px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">1</div></div></div></foreignObject><text x="320" y="214" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">1</text></switch></g></g><g><ellipse cx="600" cy="160" rx="20" ry="20" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" 
requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 38px; height: 1px; padding-top: 160px; margin-left: 581px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">2</div></div></div></foreignObject><text x="600" y="164" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">2</text></switch></g></g><g><ellipse cx="670" cy="210" rx="20" ry="20" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 38px; height: 1px; padding-top: 210px; margin-left: 651px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">3</div></div></div></foreignObject><text x="670" y="214" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">3</text></switch></g></g><g><rect x="530" y="110" width="140" height="30" fill="none" stroke="none" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 138px; 
height: 1px; padding-top: 125px; margin-left: 531px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Start provisioning</div></div></div></foreignObject><text x="600" y="129" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Start provisioning</text></switch></g></g><g><rect x="610" y="160" width="140" height="30" fill="none" stroke="none" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 138px; height: 1px; padding-top: 175px; margin-left: 611px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Create shoot CR</div></div></div></foreignObject><text x="680" y="179" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Create shoot CR</text></switch></g></g><g/><g><ellipse cx="620" cy="297" rx="20" ry="20" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 38px; height: 1px; padding-top: 297px; margin-left: 601px;"><div data-drawio-colors="color: rgb(0, 0, 0); " 
style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">4</div></div></div></foreignObject><text x="620" y="301" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">4</text></switch></g></g><g><path d="M 499.5 235 L 499.5 245 L 435 245 L 435 435 L 785 435 L 785 304.54 L 774.5 304.54 L 790 279.54 L 805.5 304.54 L 795 304.54 L 795 445 L 425 445 L 425 235 Z" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="1.42" pointer-events="all"/><path d="M 785 304.54 L 774.5 304.54 L 790 279.54 L 805.5 304.54 L 795 304.54" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="4" pointer-events="all"/></g><g><ellipse cx="389" cy="310" rx="20" ry="20" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 38px; height: 1px; padding-top: 310px; margin-left: 370px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">5</div></div></div></foreignObject><text x="389" y="314" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">5</text></switch></g></g><g><rect x="359" y="330" width="60" height="30" fill="none" stroke="none" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; 
text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 58px; height: 1px; padding-top: 345px; margin-left: 360px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Fetch kubeconfig</div></div></div></foreignObject><text x="389" y="349" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Fetch kube...</text></switch></g></g><g><path d="M 360 40 L 480 40 L 480 108 Q 450 86.4 420 108 Q 390 129.6 360 108 L 360 52 Z" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 68px; margin-left: 361px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">GardenerCluster CRD contains details of the cluster</div></div></div></foreignObject><text x="420" y="72" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">GardenerCluster CRD...</text></switch></g></g><g><path d="M 505 470 L 695 470 L 695 640 Q 647.5 586 600 640 Q 552.5 694 505 640 L 505 500 Z" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject 
pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 188px; height: 1px; padding-top: 540px; margin-left: 506px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">GardenerClusterKubeconfig CRD contains details for fetching kubeconfig. <b>Mind currently GardenerCluster is used for that </b></div></div></div></foreignObject><text x="600" y="544" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">GardenerClusterKubeconfig CRD c...</text></switch></g></g><g><rect x="630" y="10" width="170" height="30" fill="none" stroke="none" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 168px; height: 1px; padding-top: 25px; margin-left: 631px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 16px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Kyma Control Plane</div></div></div></foreignObject><text x="715" y="30" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="16px" text-anchor="middle">Kyma Control Plane</text></switch></g></g><g><rect x="475" y="340" width="170" height="60" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/></g><g><g transform="translate(-0.5 
-0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 168px; height: 1px; padding-top: 370px; margin-left: 476px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">GardenerClusterKubeconfig CR</div></div></div></foreignObject><text x="560" y="374" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">GardenerClusterKubeconfig CR</text></switch></g></g><g><rect x="330" y="130" width="180" height="60" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 178px; height: 1px; padding-top: 160px; margin-left: 331px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">GardenerClusterCR</div></div></div></foreignObject><text x="420" y="164" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">GardenerClusterCR</text></switch></g></g></g><switch><g requiredFeatures=""/><a transform="translate(0,-5)" xlink:href="" target="_blank"><text text-anchor="middle" font-size="10px" x="50%" y="100%">Text is not SVG - cannot display</text></a></switch></svg>
\ No newline at end of file
diff --git a/docs/adrs/assets/runtime-examples/aws-freemium.yaml b/docs/adrs/assets/runtime-examples/aws-freemium.yaml
new file mode 100644
index 00000000..c353b39c
--- /dev/null
+++ b/docs/adrs/assets/runtime-examples/aws-freemium.yaml
@@ -0,0 +1,66 @@
+kind: Runtime
+  name: runtime-id
+  namespace: kcp-system
+  shoot:
+    # Set by KEB, required
+    name: shoot-name
+    # Set by KEB, required
+    purpose: trial
+    kubernetes:
+      kubeAPIServer:
+        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is provided by the KEB, required
+        oidcConfig:
+          clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+          groupsClaim: groups
+          issuerURL:
+          signingAlgs:
+            - RS256
+          usernameClaim: sub
+    provider:
+      ## Provided by the KEB, required
+      type: aws
+      ## Provided by the KEB, required
+      region: eu-central-1
+      # Provided by the KEB, required.
+      # We must consider whether it makes sense to move HAP into KIM
+      secretBindingName: "hypersaler secret"
+    workers:
+      - machine:
+          # Set by KEB, required
+          type: m5.xlarge
+          # Optional, when not provider default will be used
+          # Will be modified by the SRE
+          image:
+            name: gardenlinux
+            version: 1312.3.0
+        # Provided by the KEB, required for the first release
+        # Finally can be moved into KIM, as it is hardcoded in KEB
+        volume:
+          type: gp2
+          size: 50Gi
+        # Provided by the KEB, required
+        zones:
+          - eu-central-1a
+        # Optional, if not provided default will be used
+        name: cpu-worker-0
+        # Provided by the KEB, required
+        minimum: 1
+        # Provided by the KEB, required
+        maximum: 1
+        # Provided by the KEB, required in the first release.
+        # It can be optional removed in the future, as it equals to zone count
+        maxSurge: 1
+        # Provided by the KEB, required in the first release.
+        maxUnavailable:  0
+  security:
+    networking:
+      filter:
+        # is provided by the KEB, required
+        egress:
+          enabled: false
+    # Provided by the KEB, required
+    administrators:
+      -
\ No newline at end of file
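Review bot: `secretBindingName: "hypersaler secret"` in the `provider` block is not a usable placeholder: it contains a space, which Kubernetes object names do not allow, and it misspells "hyperscaler". Anyone copying the example gets a reference that cannot resolve to a SecretBinding, so I would use a name-shaped placeholder such as `secretBindingName: hyperscaler-secret-binding` (constructed value). The same line appears in every other example file added by this commit. This file also ends without a trailing newline, as do all the others except sap-converged-cloud.yaml.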
diff --git a/docs/adrs/assets/runtime-examples/aws-minimal.yaml b/docs/adrs/assets/runtime-examples/aws-minimal.yaml
new file mode 100644
index 00000000..a148d4e1
--- /dev/null
+++ b/docs/adrs/assets/runtime-examples/aws-minimal.yaml
@@ -0,0 +1,64 @@
+kind: Runtime
+  name: runtime-id
+  namespace: kcp-system
+  shoot:
+    # is set by the KEB, required
+    name: shoot-name
+    # spec.shoot.purpose is set by the KEB, required
+    purpose: production
+    kubernetes:
+      kubeAPIServer:
+        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is provided by the KEB, required
+        oidcConfig:
+          clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+          groupsClaim: groups
+          issuerURL:
+          signingAlgs:
+            - RS256
+          usernameClaim: sub
+    provider:
+      type: aws
+      region: eu-central-1
+      # We must consider whether it makes sense to move HAP into KIM
+      secretBindingName: "hypersaler secret"
+    # spec.shoot.Networking is Provided by the KEB, required
+    networking:
+      pods:
+      nodes:
+      services:
+    # spec.shoot.controlPlane is provided by the KEB, optional, default=nil
+    controlPlane:
+      highAvailability:
+        failureTolerance:
+          type: node
+    workers:
+      - machine:
+          # spec.shoot.workers.machine.type provided by the KEB, required
+          type: m6i.large
+        # spec.shoot.workers.zones is provided by the KEB, required
+        zones:
+          - eu-central-1a
+          - eu-central-1b
+          - eu-central-1c
+        # spec.shoot.workers.minimum is provided by the KEB, required
+        minimum: 3
+        # spec.shoot.workers.maximum is provided by the KEB, required
+        maximum: 20
+        # spec.shoot.workers.maxSurge is provided by the KEB, required in the first release.
+        # It can be optional in the future, as it equals to zone count
+        maxSurge: 3
+        # spec.shoot.workers.maxUnavailable is provided by the KEB, required in the first release.
+        # It can be optional in the future, as it is always set to 0
+        maxUnavailable:  0
+  security:
+    networking:
+      filter:
+        # is provided by the KEB, required
+        egress:
+          enabled: false
+    # is provided by the KEB, required
+    administrators:
+      -
\ No newline at end of file
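Review bot: This `purpose: production` example sets `security.networking.filter.egress.enabled: false`, and its only comment is `# is provided by the KEB, required`. A reader cannot tell whether a disabled egress filter is the intended production setting or just a sample value. I would extend the comment to say what the filter restricts and which value the production plans are expected to send, for example `# is provided by the KEB, required; example value only, see the plan configuration for the production setting`. The other production examples (aws.yaml, azure-lite.yaml, azure.yaml, gcp.yaml, sap-converged-cloud.yaml) carry the same setting and comment.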
diff --git a/docs/adrs/assets/runtime-examples/aws-trial.yaml b/docs/adrs/assets/runtime-examples/aws-trial.yaml
new file mode 100644
index 00000000..16115add
--- /dev/null
+++ b/docs/adrs/assets/runtime-examples/aws-trial.yaml
@@ -0,0 +1,57 @@
+kind: Runtime
+  name: runtime-id
+  namespace: kcp-system
+  shoot:
+    # is set by the KEB, required
+    name: shoot-name
+    # spec.shoot.purpose is set by the KEB, required
+    purpose: evaluation
+    kubernetes:
+      kubeAPIServer:
+        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is provided by the KEB, required
+        oidcConfig:
+          clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+          groupsClaim: groups
+          issuerURL:
+          signingAlgs:
+            - RS256
+          usernameClaim: sub
+    provider:
+      type: aws
+      region: eu-central-1
+      # We must consider whether it makes sense to move HAP into KIM
+      secretBindingName: "hypersaler secret"
+    # spec.shoot.Networking is Provided by the KEB, required
+    networking:
+      pods:
+      nodes:
+      services:
+    workers:
+      - machine:
+          # spec.shoot.workers.machine.type provided by the KEB, required
+          type: mx5.large
+        # spec.shoot.workers.zones is provided by the KEB, required
+        zones:
+          - eu-central-1a
+        # spec.shoot.workers.minimum is provided by the KEB, required
+        minimum: 1
+        # spec.shoot.workers.maximum is provided by the KEB, required
+        maximum: 1
+        # spec.shoot.workers.maxSurge is provided by the KEB, required in the first release.
+        # It can be optional in the future, as it equals to zone count
+        maxSurge: 1
+        # spec.shoot.workers.maxUnavailable is provided by the KEB, required in the first release.
+        # It can be optional in the future, as it is always set to 0
+        maxUnavailable:  0
+  security:
+    networking:
+      filter:
+        # is provided by the KEB, required
+        egress:
+          enabled: false
+    # is provided by the KEB, required
+    administrators:
+      -
\ No newline at end of file
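Review bot: `type: mx5.large` under `workers[0].machine` does not look like an AWS instance type. The freemium example in this commit uses `m5.xlarge`, so this is presumably a typo for an `m5` size. A shoot created from this example would likely be rejected at machine-type validation, so I would change it to the type the KEB trial plan really sends, e.g. `type: m5.xlarge` (confirm against the plan definition).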
diff --git a/docs/adrs/assets/runtime-examples/aws.yaml b/docs/adrs/assets/runtime-examples/aws.yaml
new file mode 100644
index 00000000..39207214
--- /dev/null
+++ b/docs/adrs/assets/runtime-examples/aws.yaml
@@ -0,0 +1,92 @@
+kind: Runtime
+  name: runtime-id
+  namespace: kcp-system
+  shoot:
+    # is set by the KEB, required
+    name: shoot-name
+    # spec.shoot.purpose is set by the KEB, required
+    purpose: production
+    # Will be modified by the SRE
+    kubernetes:
+      # spec.shoot.kubernetes.version is optional, when not provided default will be used
+      version: "1.28.7"
+      kubeAPIServer:
+        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is provided by the KEB, required
+        oidcConfig:
+          clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+          groupsClaim: groups
+          issuerURL:
+          signingAlgs:
+          - RS256
+          usernameClaim: sub
+        ## spec.shoot.kubernetes.kubeAPIServer.additionalOidcConfig is provided by the KEB, optional, not implemented in the first KIM release
+        additionalOidcConfig:
+          - clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+            groupsClaim: groups
+            issuerURL:
+            signingAlgs:
+              - RS256
+            usernameClaim: sub
+            usernamePrefix: 'someother'
+    ## spec.shoot.provider is provided by the KEB, required
+    provider:
+      type: aws
+      region: eu-central-1
+      # We must consider whether it makes sense to move HAP into KIM
+      secretBindingName: "hypersaler secret"
+    # spec.shoot.Networking is Provided by the KEB, required
+    networking:
+      pods:
+      nodes:
+      services:
+    # spec.shoot.controlPlane is provided by the KEB, optional, default=nil
+    controlPlane:
+      highAvailability:
+        failureTolerance:
+          type: node
+    workers:
+      - machine:
+          # spec.shoot.workers.machine.type provided by the KEB, required
+          type: m6i.large
+          # spec.shoot.workers.machine.image is optional, when not provider default will be used
+          # Will be modified by the SRE
+          image:
+            name: gardenlinux
+            version: 1312.3.0
+        # spec.shoot.workers.volume is provided by the KEB, required for the first release
+        # Probably can be moved into KIM, as it is hardcoded in KEB, and not dependent on plan
+        volume:
+          type: gp2
+          size: 50Gi
+        # spec.shoot.workers.zones is provided by the KEB, required
+        zones:
+          - eu-central-1a
+          - eu-central-1b
+          - eu-central-1c
+        # is provided by the KEB. Optional, if not provided default will be used
+        name: cpu-worker-0
+        # spec.shoot.workers.minimum is provided by the KEB, required
+        minimum: 3
+        # spec.shoot.workers.maximum is provided by the KEB, required
+        maximum: 20
+        # spec.shoot.workers.maxSurge is provided by the KEB, required in the first release.
+        # It can be optional in the future, as it equals to zone count
+        maxSurge: 3
+        # spec.shoot.workers.maxUnavailable is provided by the KEB, required in the first release.
+        # It can be optional in the future, as it is always set to 0
+        maxUnavailable:  0
+  security:
+    networking:
+      filter:
+        # is provided by the KEB, required
+        egress:
+          enabled: false
+        # will be provided by the KEB, optional (default=false)
+        ingress:
+          enabled: true
+    # is provided by the KEB, required
+    administrators:
+      -
\ No newline at end of file
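Review bot: The `additionalOidcConfig` entry sets `usernamePrefix: 'someother'` but no `groupsPrefix`, and it reuses `groupsClaim: groups` from the primary `oidcConfig`. If a second issuer is ever wired into the API server this way, the group names it asserts would be indistinguishable from the primary issuer's groups in RBAC bindings. The example should therefore show a per-issuer prefix next to `usernamePrefix`, e.g. `groupsPrefix: 'someother:'` (constructed value). The comment above the block says the field is not implemented in the first KIM release, so this concerns what the example teaches rather than current behaviour. azure.yaml, gcp.yaml and sap-converged-cloud.yaml contain the same block.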
diff --git a/docs/adrs/assets/runtime-examples/azure-fremium.yaml b/docs/adrs/assets/runtime-examples/azure-fremium.yaml
new file mode 100644
index 00000000..16115add
--- /dev/null
+++ b/docs/adrs/assets/runtime-examples/azure-fremium.yaml
@@ -0,0 +1,57 @@
+kind: Runtime
+  name: runtime-id
+  namespace: kcp-system
+  shoot:
+    # is set by the KEB, required
+    name: shoot-name
+    # spec.shoot.purpose is set by the KEB, required
+    purpose: evaluation
+    kubernetes:
+      kubeAPIServer:
+        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is provided by the KEB, required
+        oidcConfig:
+          clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+          groupsClaim: groups
+          issuerURL:
+          signingAlgs:
+            - RS256
+          usernameClaim: sub
+    provider:
+      type: aws
+      region: eu-central-1
+      # We must consider whether it makes sense to move HAP into KIM
+      secretBindingName: "hypersaler secret"
+    # spec.shoot.Networking is Provided by the KEB, required
+    networking:
+      pods:
+      nodes:
+      services:
+    workers:
+      - machine:
+          # spec.shoot.workers.machine.type provided by the KEB, required
+          type: mx5.large
+        # spec.shoot.workers.zones is provided by the KEB, required
+        zones:
+          - eu-central-1a
+        # spec.shoot.workers.minimum is provided by the KEB, required
+        minimum: 1
+        # spec.shoot.workers.maximum is provided by the KEB, required
+        maximum: 1
+        # spec.shoot.workers.maxSurge is provided by the KEB, required in the first release.
+        # It can be optional in the future, as it equals to zone count
+        maxSurge: 1
+        # spec.shoot.workers.maxUnavailable is provided by the KEB, required in the first release.
+        # It can be optional in the future, as it is always set to 0
+        maxUnavailable:  0
+  security:
+    networking:
+      filter:
+        # is provided by the KEB, required
+        egress:
+          enabled: false
+    # is provided by the KEB, required
+    administrators:
+      -
\ No newline at end of file
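Review bot: This file has the same blob id as aws-trial.yaml (`index 00000000..16115add`), so the "Azure" example is a byte-for-byte copy of the AWS trial one: `provider.type: aws`, `region: eu-central-1`, zone `eu-central-1a` and the `mx5.large` machine type. It needs Azure values, at least `type: azure` plus an Azure region and machine type like those in azure-lite.yaml. `purpose: evaluation` should also be checked against what the freemium plan sends, since aws-freemium.yaml uses `purpose: trial`. The file name is spelled `azure-fremium.yaml` while its AWS counterpart is `aws-freemium.yaml`.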
diff --git a/docs/adrs/assets/runtime-examples/azure-lite.yaml b/docs/adrs/assets/runtime-examples/azure-lite.yaml
new file mode 100644
index 00000000..91f6c2f2
--- /dev/null
+++ b/docs/adrs/assets/runtime-examples/azure-lite.yaml
@@ -0,0 +1,71 @@
+kind: Runtime
+  name: runtime-id
+  namespace: kcp-system
+  shoot:
+    # is set by the KEB, required
+    name: shoot-name
+    # spec.shoot.purpose is set by the KEB, required
+    purpose: production
+    kubernetes:
+      kubeAPIServer:
+        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is provided by the KEB, required
+        oidcConfig:
+          clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+          groupsClaim: groups
+          issuerURL:
+          signingAlgs:
+          - RS256
+        usernameClaim: sub
+    ## spec.shoot.provider is provided by the KEB, required
+    provider:
+      type: aws
+      region: eastus
+      # We must consider whether it makes sense to move HAP into KIM
+      secretBindingName: "hypersaler secret"
+    # spec.shoot.Networking is Provided by the KEB, required
+    networking:
+      pods:
+      nodes:
+      services:
+    # spec.shoot.controlPlane is provided by the KEB, optional, default=nil
+    workers:
+      - machine:
+          # spec.shoot.workers.machine.type provided by the KEB, required
+          type: Standard_D4s_v5
+          # spec.shoot.workers.machine.image is optional, when not provider default will be used
+          # Will be modified by the SRE
+          image:
+            name: gardenlinux
+            version: 1312.3.0
+        # spec.shoot.workers.volume is provided by the KEB, required for the first release
+        # Probably can be moved into KIM, as it is hardcoded in KEB, and not dependent on plan
+        volume:
+          type: Standard_LRS
+          size: 50Gi
+        # spec.shoot.workers.zones is provided by the KEB, required
+        zones:
+          - eastus1
+        # is provided by the KEB. Optional, if not provided default will be used
+        name: cpu-worker-0
+        # spec.shoot.workers.minimum is provided by the KEB, required
+        minimum: 2
+        # spec.shoot.workers.maximum is provided by the KEB, required
+        maximum: 10
+        # spec.shoot.workers.maxSurge is provided by the KEB, required in the first release.
+        # It can be optional in the future, as it equals to zone count
+        maxSurge: 1
+        # spec.shoot.workers.maxUnavailable is provided by the KEB, required in the first release.
+        # It can be optional in the future, as it is always set to 0
+        maxUnavailable:  0
+  security:
+    networking:
+      filter:
+        # is provided by the KEB, required
+        egress:
+          enabled: false
+    # is provided by the KEB, required
+    administrators:
+      -
\ No newline at end of file
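Review bot: `usernameClaim: sub` is indented one level too shallow here, which makes it a child of `kubeAPIServer` rather than `oidcConfig`; in every other example it sits inside `oidcConfig`, so it should be aligned with `groupsClaim`. Separately, `provider.type` is `aws` although the region (`eastus`), machine type (`Standard_D4s_v5`) and volume type (`Standard_LRS`) are Azure values. It should read `type: azure`; the same wrong `type: aws` is in azure.yaml and gcp.yaml (there presumably `type: gcp`). The comment `# spec.shoot.controlPlane is provided by the KEB, optional, default=nil` is left dangling above `workers:` with no `controlPlane` block following it.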
diff --git a/docs/adrs/assets/runtime-examples/azure.yaml b/docs/adrs/assets/runtime-examples/azure.yaml
new file mode 100644
index 00000000..67883bd8
--- /dev/null
+++ b/docs/adrs/assets/runtime-examples/azure.yaml
@@ -0,0 +1,91 @@
+kind: Runtime
+  name: runtime-id
+  namespace: kcp-system
+  shoot:
+    # is set by the KEB, required
+    name: shoot-name
+    # spec.shoot.purpose is set by the KEB, required
+    purpose: production
+    kubernetes:
+      # spec.shoot.kubernetes.version is optional, when not provided default will be used
+      version: "1.28.7"
+      kubeAPIServer:
+        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is provided by the KEB, required
+        oidcConfig:
+          clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+          groupsClaim: groups
+          issuerURL:
+          signingAlgs:
+            - RS256
+          usernameClaim: sub
+        ## spec.shoot.kubernetes.kubeAPIServer.additionalOidcConfig is provided by the KEB, optional, not implemented in the first KIM release
+        additionalOidcConfig:
+          - clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+            groupsClaim: groups
+            issuerURL:
+            signingAlgs:
+              - RS256
+            usernameClaim: sub
+            usernamePrefix: 'someother'
+    ## spec.shoot.provider is provided by the KEB, required
+    provider:
+      type: aws
+      region: eastus
+      # We must consider whether it makes sense to move HAP into KIM
+      secretBindingName: "hypersaler secret"
+    # spec.shoot.Networking is Provided by the KEB, required
+    networking:
+      pods:
+      nodes:
+      services:
+    # spec.shoot.controlPlane is provided by the KEB, optional, default=nil
+    controlPlane:
+      highAvailability:
+        failureTolerance:
+          type: node
+    workers:
+      - machine:
+          # spec.shoot.workers.machine.type provided by the KEB, required
+          type: Standard_D2s_v5
+          # spec.shoot.workers.machine.image is optional, when not provider default will be used
+          # Will be modified by the SRE
+          image:
+            name: gardenlinux
+            version: 1312.3.0
+        # spec.shoot.workers.volume is provided by the KEB, required for the first release
+        # Probably can be moved into KIM, as it is hardcoded in KEB, and not dependent on plan
+        volume:
+          type: Standard_LRS
+          size: 50Gi
+        # spec.shoot.workers.zones is provided by the KEB, required
+        zones:
+          - eastus1
+          - eastus2
+          - eastus3
+        # is provided by the KEB. Optional, if not provided default will be used
+        name: cpu-worker-0
+        # spec.shoot.workers.minimum is provided by the KEB, required
+        minimum: 3
+        # spec.shoot.workers.maximum is provided by the KEB, required
+        maximum: 20
+        # spec.shoot.workers.maxSurge is provided by the KEB, required in the first release.
+        # It can be optional in the future, as it equals to zone count
+        maxSurge: 3
+        # spec.shoot.workers.maxUnavailable is provided by the KEB, required in the first release.
+        # It can be optional in the future, as it is always set to 0
+        maxUnavailable:  0
+  security:
+    networking:
+      filter:
+        # is provided by the KEB, required
+        egress:
+          enabled: false
+        # will be provided by the KEB, optional (default=false)
+        ingress:
+          enabled: true
+    # is provided by the KEB, required
+    administrators:
+      -
\ No newline at end of file
diff --git a/docs/adrs/assets/runtime-examples/gcp.yaml b/docs/adrs/assets/runtime-examples/gcp.yaml
new file mode 100644
index 00000000..c1c6c3d8
--- /dev/null
+++ b/docs/adrs/assets/runtime-examples/gcp.yaml
@@ -0,0 +1,91 @@
+kind: Runtime
+  name: runtime-id
+  namespace: kcp-system
+  shoot:
+    # is set by the KEB, required
+    name: shoot-name
+    # spec.shoot.purpose is set by the KEB, required
+    purpose: production
+    kubernetes:
+      # spec.shoot.kubernetes.version is optional, when not provided default will be used
+      version: "1.28.7"
+      kubeAPIServer:
+        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is provided by the KEB, required
+        oidcConfig:
+          clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+          groupsClaim: groups
+          issuerURL:
+          signingAlgs:
+            - RS256
+          usernameClaim: sub
+        ## spec.shoot.kubernetes.kubeAPIServer.additionalOidcConfig is provided by the KEB, optional, not implemented in the first KIM release
+        additionalOidcConfig:
+          - clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+            groupsClaim: groups
+            issuerURL:
+            signingAlgs:
+              - RS256
+            usernameClaim: sub
+            usernamePrefix: 'someother'
+    ## spec.shoot.provider is provided by the KEB, required
+    provider:
+      type: aws
+      region: europe-west3
+      # We must consider whether it makes sense to move HAP into KIM
+      secretBindingName: "hypersaler secret"
+    # spec.shoot.Networking is Provided by the KEB, required
+    networking:
+      pods:
+      nodes:
+      services:
+    # spec.shoot.controlPlane is provided by the KEB, optional, default=nil
+    controlPlane:
+      highAvailability:
+        failureTolerance:
+          type: node
+    workers:
+      - machine:
+          # spec.shoot.workers.machine.type provided by the KEB, required
+          type: n2-standard-2
+          # spec.shoot.workers.machine.image is optional, when not provider default will be used
+          # Will be modified by the SRE
+          image:
+            name: gardenlinux
+            version: 1312.3.0
+        # spec.shoot.workers.volume is provided by the KEB, required for the first release
+        # Probably can be moved into KIM, as it is hardcoded in KEB, and not dependent on plan
+        volume:
+          type: pd-standard
+          size: 50Gi
+        # spec.shoot.workers.zones is provided by the KEB, required
+        zones:
+          - europe-west3a
+          - europe-west3b
+          - europe-west3c
+        # is provided by the KEB. Optional, if not provided default will be used
+        name: cpu-worker-0
+        # spec.shoot.workers.minimum is provided by the KEB, required
+        minimum: 3
+        # spec.shoot.workers.maximum is provided by the KEB, required
+        maximum: 20
+        # spec.shoot.workers.maxSurge is provided by the KEB, required in the first release.
+        # It can be optional in the future, as it equals to zone count
+        maxSurge: 3
+        # spec.shoot.workers.maxUnavailable is provided by the KEB, required in the first release.
+        # It can be optional in the future, as it is always set to 0
+        maxUnavailable:  0
+  security:
+    networking:
+      filter:
+        # is provided by the KEB, required
+        egress:
+          enabled: false
+        # will be provided by the KEB, optional (default=false)
+        ingress:
+          enabled: true
+    # is provided by the KEB, required
+    administrators:
+      -
\ No newline at end of file
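Review bot: The `zones` entries `europe-west3a`, `europe-west3b` and `europe-west3c` are not GCP zone names. GCP separates the zone letter with a hyphen, so they should be `europe-west3-a`, `europe-west3-b` and `europe-west3-c`. As written, a shoot built from this example would presumably fail zone validation against the cloud profile.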
diff --git a/docs/adrs/assets/runtime-examples/sap-converged-cloud.yaml b/docs/adrs/assets/runtime-examples/sap-converged-cloud.yaml
new file mode 100644
index 00000000..d8a37668
--- /dev/null
+++ b/docs/adrs/assets/runtime-examples/sap-converged-cloud.yaml
@@ -0,0 +1,87 @@
+kind: Runtime
+  name: runtime-id
+  namespace: kcp-system
+  shoot:
+    # is set by the KEB, required
+    name: shoot-name
+    # spec.shoot.purpose is set by the KEB, required
+    purpose: production
+    kubernetes:
+      # spec.shoot.kubernetes.version is optional, when not provided default will be used
+      version: "1.28.7"
+      kubeAPIServer:
+        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is provided by the KEB, required
+        oidcConfig:
+          clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+          groupsClaim: groups
+          issuerURL:
+          signingAlgs:
+            - RS256
+          usernameClaim: sub
+        ## spec.shoot.kubernetes.kubeAPIServer.additionalOidcConfig is provided by the KEB, optional, not implemented in the first KIM release
+        additionalOidcConfig:
+          - clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+            groupsClaim: groups
+            issuerURL:
+            signingAlgs:
+              - RS256
+            usernameClaim: sub
+            usernamePrefix: 'someother'
+    ## spec.shoot.provider is provided by the KEB, required
+    provider:
+      type: openstack
+      region: eu-de-1
+      # We must consider whether it makes sense to move HAP into KIM
+      secretBindingName: "hypersaler secret"
+    # spec.shoot.Networking is Provided by the KEB, required
+    networking:
+      pods:
+      nodes:
+      services:
+    # spec.shoot.controlPlane is provided by the KEB, optional, default=nil
+    controlPlane:
+      highAvailability:
+        failureTolerance:
+          type: node
+    workers:
+      - machine:
+          # spec.shoot.workers.machine.type provided by the KEB, required
+          type: g_c2_m8
+          # spec.shoot.workers.machine.image is optional, when not provider default will be used
+          # Will be modified by the SRE
+          image:
+            name: gardenlinux
+            version: 1312.3.0
+        # Note: KEB doesn't specify the volume, Gardener defaults used
+        # spec.shoot.workers.zones is provided by the KEB, required
+        zones:
+          - eu-de-1a
+          - eu-de-1b
+          - eu-de-1d
+        # is provided by the KEB. Optional, if not provided default will be used
+        name: cpu-worker-0
+        # spec.shoot.workers.minimum is provided by the KEB, required
+        minimum: 3
+        # spec.shoot.workers.maximum is provided by the KEB, required
+        maximum: 20
+        # spec.shoot.workers.maxSurge is provided by the KEB, required in the first release.
+        # It can be optional in the future, as it equals to zone count
+        maxSurge: 3
+        # spec.shoot.workers.maxUnavailable is provided by the KEB, required in the first release.
+        # It can be optional in the future, as it is always set to 0
+        maxUnavailable:  0
+  security:
+    networking:
+      filter:
+        # is provided by the KEB, required
+        egress:
+          enabled: false
+        # will be provided by the KEB, optional (default=false)
+        ingress:
+          enabled: true
+    # is provided by the KEB, required
+    administrators:
+      -
diff --git a/docs/adrs/ b/docs/adrs/
new file mode 100644
index 00000000..eae5230c
--- /dev/null
+++ b/docs/adrs/
@@ -0,0 +1,214 @@
+# Introduction
+This document defines architecture, and API for provisioning functionality.
+# Target architecture
+The following picture shows the proposed architecture:
+The following assumptions were taken:
+- KEB is responsible for:
+    - Creating `Runtime` CR containing the following data:
+      - provider config (type, region, and secret with credentials for hyperscaler)
+      - worker pool specification
+      - cluster networking settings (nodes, pods, and services API ranges)
+      - OIDC settings
+      - cluster administrators list
+      - Egress network filter settings
+      - Control Plane failure tolerance
+    - Observing status of the CR to determine whether provisioning succeeded
+- Kyma Infrastructure Manager is responsible for:
+    - creating shoots based on:
+      - corresponding `Runtime` CR properties
+      - predefined defaults for the optional properties:
+        - Kubernetes version
+        - Machine image version
+      - predefined configuration for the following extensions:
+        - DNS 
+        - Certificates
+    - upgrading, and deleting shoots for corresponding `Runtime` CRs
+    - applying audit log configuration on the shoot resource
+    - generating kubeconfig
+# API proposal
+## CR examples
+The example below shows the CR that should be created by the KEB to provision AWS production cluster:
+kind: Runtime
+  name: runtime-id
+  namespace: kcp-system
+  labels:
+ instance-id
+ runtime-id
+ plan-id
+ plan-name
+ global-account-id
+ subAccount-id
+ shoot-name
+ region
+ kymaName
+  shoot:
+    # is set by the KEB, required
+    name: shoot-name
+    # spec.shoot.purpose is set by the KEB, required
+    purpose: production
+    kubernetes:
+      kubeAPIServer:
+        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is provided by the KEB, required
+        oidcConfig:
+          clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+          groupsClaim: groups
+          issuerURL:
+          signingAlgs:
+            - RS256
+          usernameClaim: sub
+    provider:
+      type: aws
+      region: eu-central-1
+      # We must consider whether it makes sense to move HAP into KIM
+      secretBindingName: "hypersaler secret"
+    # spec.shoot.Networking is Provided by the KEB, required
+    networking:
+      pods:
+      nodes:
+      services:
+    # spec.shoot.controlPlane is provided by the KEB, optional, default=nil
+    controlPlane:
+      highAvailability:
+        failureTolerance:
+          type: node
+    workers:
+      - machine:
+          # spec.shoot.workers.machine.type provided by the KEB, required
+          type: m6i.large
+        # spec.shoot.workers.zones is provided by the KEB, required
+        zones:
+          - eu-central-1a
+          - eu-central-1b
+          - eu-central-1c
+        # spec.shoot.workers.minimum is provided by the KEB, required
+        minimum: 3
+        # spec.shoot.workers.maximum is provided by the KEB, required
+        maximum: 20
+        # spec.shoot.workers.maxSurge is provided by the KEB, required in the first release.
+        # It can be optional in the future, as it equals to zone count
+        maxSurge: 3
+        # spec.shoot.workers.maxUnavailable is provided by the KEB, required in the first release.
+        # It can be optional in the future, as it is always set to 0
+        maxUnavailable:  0
+  security:
+    # is provided by the KEB, required
+    administrators:
+      -
+There are some additional optional fields (please see [this example](assets/runtime-examples/aws.yaml) that could be specified:
+- `spec.shoot.kubernetes.version` ; if not provided default value will be read by KIM from configuration
+- `spec.shoot.workers.machine.image` ; if not provided default value will be read by KIM from configuration
+- `spec.shoot.kubernetes.kubeAPIServer.additionalOidcConfig` ; if not provided, no addition OIDC provider will be configured
+- `` ; if not provided, some hardcoded name will be used
+- `` ; if not provided `false` value will be used
+Please, see the following examples to understand what CRs need to be created for particular KEB plans:
+- [AWS trial plan](assets/runtime-examples/aws-trial.yaml))
+- [Azure](assets/runtime-examples/azure.yaml)
+- [Azure lite](assets/runtime-examples/azure-lite.yaml)
+- [GCP](assets/runtime-examples/gcp.yaml)
+- [SAP Converge Cloud](assets/runtime-examples/sap-converged-cloud.yaml)
+## API structures
+package v2
+import (
+	gardener ""
+	metav1 ""
+type Runtime struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+	Spec   RuntimeSpec   `json:"spec"`
+	Status RuntimeStatus `json:"status,omitempty"`
+type RuntimeSpec struct {
+	Shoot    Shoot    `json:"spec"`
+	Security Security `json:"security"`
+type Shoot struct {
+	Name       string             `json:"name"`
+	Purpose    string             `json:"purpose"`
+	Kubernetes Kubernetes         `json:"kubernetes"`
+	Provider   Provider           `json:"provider"`
+	Networking Networking         `json:"networking"`
+	Workers    *[]gardener.Worker `json:"workers,omitempty"`
+type Provider struct {
+	Type              string `json:"type"`
+	Region            string `json:"region"`
+	SecretBindingName string `json:"secretBindingName"`
+type Networking struct {
+	Pods     *string `json:"pods,omitempty"`
+	Nodes    *string `json:"nodes,omitempty"`
+	Services *string `json:"services,omitempty"`
+type Kubernetes struct {
+	Version       string     `json:"version"`
+	KubeAPIServer *APIServer `json:"kubeAPIServer,omitempty"`
+type APIServer struct {
+	oidcConfig           gardener.OIDCConfig    `json:"oidcConfig"`
+	additionalOidcConfig *[]gardener.OIDCConfig `json:"additionalOidcConfig""`
+type Security struct {
+	Administrators []string           `json:"administrators"`
+	Networking     NetworkingSecurity `json:"networking""`
+type NetworkingSecurity struct {
+	Filter Filter `json:"filter"`
+type Filter struct {
+	Ingress Ingress `json:"ingress"`
+	Egress  Egress  `json:"egress"`
+type Ingress struct {
+	Enabled bool `json:"enabled"`
+type Egress struct {
+	Enabled bool `json:"enabled"`
+type State string
+// +kubebuilder:object:root=true
+// RuntimeStatus defines the observed state of Runtime
+type RuntimeStatus struct {
+	// State signifies current state of Runtime.
+	// Value can be one of ("Ready", "Processing", "Error", "Deleting").
+	State State `json:"state,omitempty"`
+	// List of status conditions to indicate the status of a ServiceInstance.
+	// +optional
+	// +listType=map
+	// +listMapKey=type
+	Conditions []metav1.Condition `json:"conditions,omitempty"`

diff --git a/docs/adrs/ b/docs/adrs/
index eae5230c..0a47c87f 100644
--- a/docs/adrs/
+++ b/docs/adrs/
@@ -6,6 +6,8 @@ This document defines architecture, and API for provisioning functionality.
 The following picture shows the proposed architecture:
+> Note: at the time of writing the `GardenerCluster` CR is used for generating kubeconfig. The [workplan]( for delivering provisioning functionality in the Kyma Infrastructure Manager include renaming the CR to maintain consistency.
 The following assumptions were taken:
 - KEB is responsible for:
     - Creating `Runtime` CR containing the following data:

This document defines architecture, and API for the provisioning functionality.
 # Target architecture
-The following picture shows the proposed architecture:
+The following picture shows the agreed architecture:
 The following picture shows the agreed architecture:
 The following assumptions were taken:
-- KEB is responsible for:
+- KEB has the following responsibilities:
     - Creating `Runtime` CR containing the following data:
-      - provider config (type, region, and secret with credentials for hyperscaler)
-      - worker pool specification
-      - cluster networking settings (nodes, pods, and services API ranges)
+      - Provider config (type, region, and secret with credentials for hyperscaler)
+      - Worker pool specification
+      - Cluster networking settings (nodes, pods, and services API ranges)
       - OIDC settings
-      - cluster administrators list
+      - Cluster administrators list
       - Egress network filter settings
       - Control Plane failure tolerance
-    - Observing status of the CR to determine whether provisioning succeeded
-- Kyma Infrastructure Manager is responsible for:
-    - creating shoots based on:
-      - corresponding `Runtime` CR properties
-      - predefined defaults for the optional properties:
+    - observing status of the CR to determine whether provisioning succeeded
+- Kyma Infrastructure Manager has the following responsibilities:
+    - Creating shoots based on:
+      - Corresponding `Runtime` CR properties
+      - Predefined defaults for the optional properties:
         - Kubernetes version
         - Machine image version
-      - predefined configuration for the following extensions:
+      - Predefined configuration for the following extensions:
         - DNS 
         - Certificates
-    - upgrading, and deleting shoots for corresponding `Runtime` CRs
-    - applying audit log configuration on the shoot resource
-    - generating kubeconfig
+    - Upgrading, and deleting shoots for corresponding `Runtime` CRs
+    - Applying audit log configuration on the shoot resource
+    - Generating kubeconfig
 # API proposal
@@ -119,9 +119,9 @@ spec:
-There are some additional optional fields  that could be specified:
-- `spec.shoot.kubernetes.version` ; if not provided default value will be read by KIM from configuration
-- `spec.shoot.workers.machine.image` ; if not provided default value will be read by KIM from configuration
+There are some additional optional fields that could be specified:
+- `spec.shoot.kubernetes.version` ; if not provided default value will be read by the KIM from configuration
+- `spec.shoot.workers.machine.image` ; if not provided default value will be read by the KIM from configuration
 - `spec.shoot.kubernetes.kubeAPIServer.additionalOidcConfig` ; if not provided, no addition OIDC provider will be configured
 - `` ; if not provided, some hardcoded name will be used
 - `` ; if not provided `false` value will be used

 docs/adr/assets/runtime-examples/aws-freemium.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/adr/assets/runtime-examples/aws-freemium.yaml b/docs/adr/assets/runtime-examples/aws-freemium.yaml
index 1ad50aa0..ef024091 100644
--- a/docs/adr/assets/runtime-examples/aws-freemium.yaml
+++ b/docs/adr/assets/runtime-examples/aws-freemium.yaml
@@ -15,9 +15,9 @@ metadata:
   namespace: kcp-system
-    # Set by KEB, required
+    # Set by the KEB, required
     name: shoot-name
-    # Set by KEB, required
+    # Set by the KEB, required
     purpose: evaluation
@@ -48,7 +48,7 @@ spec:
           type: zone
       - machine:
-          # Set by KEB, required
+          # Set by the KEB, required
           type: m5.xlarge
           # Optional, when not provider default will be used
           # Will be modified by the SRE

 docs/adr/ | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/adr/ b/docs/adr/
index a53e12fd..424282e9 100644
--- a/docs/adr/
+++ b/docs/adr/
@@ -17,7 +17,7 @@ The following assumptions were taken:
       - OIDC settings
       - Cluster administrators list
       - Egress network filter settings
-      - Control Plane failure tolerance
+      - Control Plane failure tolerance config
     - observing status of the CR to determine whether provisioning succeeded
 - Kyma Infrastructure Manager has the following responsibilities:
     - Creating shoots based on:

 docs/adr/ | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/adr/ b/docs/adr/
index 424282e9..7e27f70e 100644
--- a/docs/adr/
+++ b/docs/adr/
@@ -18,7 +18,7 @@ The following assumptions were taken:
       - Cluster administrators list
       - Egress network filter settings
       - Control Plane failure tolerance config
-    - observing status of the CR to determine whether provisioning succeeded
+    - Observing status of the CR to determine whether provisioning succeeded
 - Kyma Infrastructure Manager has the following responsibilities:
     - Creating shoots based on:
       - Corresponding `Runtime` CR properties

 docs/adr/assets/runtime-examples/aws-freemium.yaml        | 2 +-
 docs/adr/assets/runtime-examples/aws-minimal.yaml         | 2 +-
 docs/adr/assets/runtime-examples/aws-trial.yaml           | 2 +-
 docs/adr/assets/runtime-examples/aws.yaml                 | 2 +-
 docs/adr/assets/runtime-examples/azure-fremium.yaml       | 2 +-
 docs/adr/assets/runtime-examples/azure-lite.yaml          | 2 +-
 docs/adr/assets/runtime-examples/azure.yaml               | 2 +-
 docs/adr/assets/runtime-examples/gcp.yaml                 | 2 +-
 docs/adr/assets/runtime-examples/sap-converged-cloud.yaml | 2 +-
 docs/adr/                                  | 4 ++--
 10 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/docs/adr/assets/runtime-examples/aws-freemium.yaml b/docs/adr/assets/runtime-examples/aws-freemium.yaml
index ef024091..874a0203 100644
--- a/docs/adr/assets/runtime-examples/aws-freemium.yaml
+++ b/docs/adr/assets/runtime-examples/aws-freemium.yaml
@@ -36,7 +36,7 @@ spec:
       region: eu-central-1
       # Provided by the KEB, required.
       # We must consider whether it makes sense to move HAP into KIM
-      secretBindingName: "hypersaler secret"
+      secretBindingName: "hyperscaler secret"
diff --git a/docs/adr/assets/runtime-examples/aws-minimal.yaml b/docs/adr/assets/runtime-examples/aws-minimal.yaml
index 90d1f71b..7b6a76fb 100644
--- a/docs/adr/assets/runtime-examples/aws-minimal.yaml
+++ b/docs/adr/assets/runtime-examples/aws-minimal.yaml
@@ -33,7 +33,7 @@ spec:
       type: aws
       region: eu-central-1
       # We must consider whether it makes sense to move HAP into KIM
-      secretBindingName: "hypersaler secret"
+      secretBindingName: "hyperscaler secret"
     # spec.shoot.Networking is Provided by the KEB, required
diff --git a/docs/adr/assets/runtime-examples/aws-trial.yaml b/docs/adr/assets/runtime-examples/aws-trial.yaml
index 1b28520a..f5397bba 100644
--- a/docs/adr/assets/runtime-examples/aws-trial.yaml
+++ b/docs/adr/assets/runtime-examples/aws-trial.yaml
@@ -33,7 +33,7 @@ spec:
       type: aws
       region: eu-central-1
       # We must consider whether it makes sense to move HAP into KIM
-      secretBindingName: "hypersaler secret"
+      secretBindingName: "hyperscaler secret"
     # spec.shoot.Networking is Provided by the KEB, required
diff --git a/docs/adr/assets/runtime-examples/aws.yaml b/docs/adr/assets/runtime-examples/aws.yaml
index a3f1b6dd..5f06a280 100644
--- a/docs/adr/assets/runtime-examples/aws.yaml
+++ b/docs/adr/assets/runtime-examples/aws.yaml
@@ -45,7 +45,7 @@ spec:
       type: aws
       region: eu-central-1
-      secretBindingName: "hypersaler secret"
+      secretBindingName: "hyperscaler secret"
     # spec.shoot.Networking is Provided by the KEB, required
diff --git a/docs/adr/assets/runtime-examples/azure-fremium.yaml b/docs/adr/assets/runtime-examples/azure-fremium.yaml
index 0a953844..ef8d8867 100644
--- a/docs/adr/assets/runtime-examples/azure-fremium.yaml
+++ b/docs/adr/assets/runtime-examples/azure-fremium.yaml
@@ -33,7 +33,7 @@ spec:
       type: aws
       region: eu-central-1
       # We must consider whether it makes sense to move HAP into KIM
-      secretBindingName: "hypersaler secret"
+      secretBindingName: "hyperscaler secret"
     # spec.shoot.Networking is Provided by the KEB, required
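Review bot: The `type: aws` context line in this Azure example is left unchanged by the typo fix and looks copied from the AWS file, together with the `eu-central-1` region. The same `type: aws` appears in the azure-lite.yaml, azure.yaml and gcp.yaml hunks below, next to regions such as `eastus` and `europe-west3`. Because `secretBindingName` selects the hyperscaler credentials, an example whose provider type does not match the plan is easy to copy into a Runtime that binds the wrong account. I would set `type: azure` in the three Azure files and `type: gcp` in gcp.yaml, assuming these match the provider type names used elsewhere in the project.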
diff --git a/docs/adr/assets/runtime-examples/azure-lite.yaml b/docs/adr/assets/runtime-examples/azure-lite.yaml
index c9ffe6d3..64886014 100644
--- a/docs/adr/assets/runtime-examples/azure-lite.yaml
+++ b/docs/adr/assets/runtime-examples/azure-lite.yaml
@@ -34,7 +34,7 @@ spec:
       type: aws
       region: eastus
       # We must consider whether it makes sense to move HAP into KIM
-      secretBindingName: "hypersaler secret"
+      secretBindingName: "hyperscaler secret"
     # spec.shoot.Networking is Provided by the KEB, required
diff --git a/docs/adr/assets/runtime-examples/azure.yaml b/docs/adr/assets/runtime-examples/azure.yaml
index d5c7d92c..b910b7fe 100644
--- a/docs/adr/assets/runtime-examples/azure.yaml
+++ b/docs/adr/assets/runtime-examples/azure.yaml
@@ -45,7 +45,7 @@ spec:
       type: aws
       region: eastus
       # We must consider whether it makes sense to move HAP into KIM
-      secretBindingName: "hypersaler secret"
+      secretBindingName: "hyperscaler secret"
     # spec.shoot.Networking is Provided by the KEB, required
diff --git a/docs/adr/assets/runtime-examples/gcp.yaml b/docs/adr/assets/runtime-examples/gcp.yaml
index 103cc665..04a5d329 100644
--- a/docs/adr/assets/runtime-examples/gcp.yaml
+++ b/docs/adr/assets/runtime-examples/gcp.yaml
@@ -45,7 +45,7 @@ spec:
       type: aws
       region: europe-west3
       # We must consider whether it makes sense to move HAP into KIM
-      secretBindingName: "hypersaler secret"
+      secretBindingName: "hyperscaler secret"
     # spec.shoot.Networking is Provided by the KEB, required
diff --git a/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml b/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
index 9716fe2c..51915f39 100644
--- a/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
+++ b/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
@@ -45,7 +45,7 @@ spec:
       type: openstack
       region: eu-de-1
       # We must consider whether it makes sense to move HAP into KIM
-      secretBindingName: "hypersaler secret"
+      secretBindingName: "hyperscaler secret"
     # spec.shoot.Networking is Provided by the KEB, required
diff --git a/docs/adr/ b/docs/adr/
index 7e27f70e..72c8cbfc 100644
--- a/docs/adr/
+++ b/docs/adr/
@@ -78,7 +78,7 @@ spec:
       type: aws
       region: eu-central-1
       # We must consider whether it makes sense to move HAP into KIM
-      secretBindingName: "hypersaler secret"
+      secretBindingName: "hyperscaler secret"
     # spec.shoot.Networking is Provided by the KEB, required
@@ -166,7 +166,7 @@ spec:
       type: aws
       region: eu-central-1
       # We must consider whether it makes sense to move HAP into KIM
-      secretBindingName: "hypersaler secret"
+      secretBindingName: "hyperscaler secret"
     # spec.shoot.Networking is Provided by the KEB, required

From 7b689567e8a9e7da757d41e0048bcdb424a01875 Mon Sep 17 00:00:00 2001
From: Arkadiusz Galwas <>
Date: Wed, 8 May 2024 15:42:25 +0200
Subject: [PATCH 15/49] Update

 docs/adr/ | 1 -
 1 file changed, 1 deletion(-)

diff --git a/docs/adr/ b/docs/adr/
index 72c8cbfc..cb5b3dbe 100644
--- a/docs/adr/
+++ b/docs/adr/
@@ -44,7 +44,6 @@ Please mind that the `Runtime` CR should contain the following labels: plan-name global-account-id subAccount-id
- shoot-name region kymaName

 docs/adr/assets/runtime-examples/aws-freemium.yaml        | 1 -
 docs/adr/assets/runtime-examples/aws-minimal.yaml         | 1 -
 docs/adr/assets/runtime-examples/aws-trial.yaml           | 1 -
 docs/adr/assets/runtime-examples/aws.yaml                 | 1 -
 docs/adr/assets/runtime-examples/azure-fremium.yaml       | 1 -
 docs/adr/assets/runtime-examples/azure-lite.yaml          | 1 -
 docs/adr/assets/runtime-examples/azure.yaml               | 1 -
 docs/adr/assets/runtime-examples/gcp.yaml                 | 1 -
 docs/adr/assets/runtime-examples/sap-converged-cloud.yaml | 1 -
 9 files changed, 9 deletions(-)

diff --git a/docs/adr/assets/runtime-examples/aws-freemium.yaml b/docs/adr/assets/runtime-examples/aws-freemium.yaml
index 874a0203..a5b90c0f 100644
--- a/docs/adr/assets/runtime-examples/aws-freemium.yaml
+++ b/docs/adr/assets/runtime-examples/aws-freemium.yaml
@@ -8,7 +8,6 @@ metadata: plan-name global-account-id subAccount-id
- shoot-name region kymaName
   name: runtime-id
diff --git a/docs/adr/assets/runtime-examples/aws-minimal.yaml b/docs/adr/assets/runtime-examples/aws-minimal.yaml
index 7b6a76fb..ff7e626f 100644
--- a/docs/adr/assets/runtime-examples/aws-minimal.yaml
+++ b/docs/adr/assets/runtime-examples/aws-minimal.yaml
@@ -8,7 +8,6 @@ metadata: plan-name global-account-id subAccount-id
- shoot-name region kymaName
   name: runtime-id
diff --git a/docs/adr/assets/runtime-examples/aws-trial.yaml b/docs/adr/assets/runtime-examples/aws-trial.yaml
index f5397bba..a222bfb9 100644
--- a/docs/adr/assets/runtime-examples/aws-trial.yaml
+++ b/docs/adr/assets/runtime-examples/aws-trial.yaml
@@ -8,7 +8,6 @@ metadata: plan-name global-account-id subAccount-id
- shoot-name region kymaName
   name: runtime-id
diff --git a/docs/adr/assets/runtime-examples/aws.yaml b/docs/adr/assets/runtime-examples/aws.yaml
index 5f06a280..8124ef2e 100644
--- a/docs/adr/assets/runtime-examples/aws.yaml
+++ b/docs/adr/assets/runtime-examples/aws.yaml
@@ -8,7 +8,6 @@ metadata: plan-name global-account-id subAccount-id
- shoot-name region kymaName
   name: runtime-id
diff --git a/docs/adr/assets/runtime-examples/azure-fremium.yaml b/docs/adr/assets/runtime-examples/azure-fremium.yaml
index ef8d8867..a80145c6 100644
--- a/docs/adr/assets/runtime-examples/azure-fremium.yaml
+++ b/docs/adr/assets/runtime-examples/azure-fremium.yaml
@@ -8,7 +8,6 @@ metadata: plan-name global-account-id subAccount-id
- shoot-name region kymaName
   name: runtime-id
diff --git a/docs/adr/assets/runtime-examples/azure-lite.yaml b/docs/adr/assets/runtime-examples/azure-lite.yaml
index 64886014..12344999 100644
--- a/docs/adr/assets/runtime-examples/azure-lite.yaml
+++ b/docs/adr/assets/runtime-examples/azure-lite.yaml
@@ -8,7 +8,6 @@ metadata: plan-name global-account-id subAccount-id
- shoot-name region kymaName
   name: runtime-id
diff --git a/docs/adr/assets/runtime-examples/azure.yaml b/docs/adr/assets/runtime-examples/azure.yaml
index b910b7fe..a79cf8a9 100644
--- a/docs/adr/assets/runtime-examples/azure.yaml
+++ b/docs/adr/assets/runtime-examples/azure.yaml
@@ -8,7 +8,6 @@ metadata: plan-name global-account-id subAccount-id
- shoot-name region kymaName
   name: runtime-id
diff --git a/docs/adr/assets/runtime-examples/gcp.yaml b/docs/adr/assets/runtime-examples/gcp.yaml
index 04a5d329..32bd9896 100644
--- a/docs/adr/assets/runtime-examples/gcp.yaml
+++ b/docs/adr/assets/runtime-examples/gcp.yaml
@@ -8,7 +8,6 @@ metadata: plan-name global-account-id subAccount-id
- shoot-name region kymaName
   name: runtime-id
diff --git a/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml b/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
index 51915f39..ad387d1c 100644
--- a/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
+++ b/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
@@ -8,7 +8,6 @@ metadata: plan-name global-account-id subAccount-id
- shoot-name region kymaName
   name: runtime-id

 docs/adr/assets/runtime-examples/aws-minimal.yaml         | 1 +
 docs/adr/assets/runtime-examples/aws-trial.yaml           | 1 +
 docs/adr/assets/runtime-examples/aws.yaml                 | 1 +
 docs/adr/assets/runtime-examples/azure-fremium.yaml       | 1 +
 docs/adr/assets/runtime-examples/azure-lite.yaml          | 1 +
 docs/adr/assets/runtime-examples/azure.yaml               | 1 +
 docs/adr/assets/runtime-examples/gcp.yaml                 | 1 +
 docs/adr/assets/runtime-examples/sap-converged-cloud.yaml | 1 +
 9 files changed, 9 insertions(+)

diff --git a/docs/adr/assets/runtime-examples/aws-freemium.yaml b/docs/adr/assets/runtime-examples/aws-freemium.yaml
index a5b90c0f..874a0203 100644
--- a/docs/adr/assets/runtime-examples/aws-freemium.yaml
+++ b/docs/adr/assets/runtime-examples/aws-freemium.yaml
@@ -8,6 +8,7 @@ metadata: plan-name global-account-id subAccount-id
+ shoot-name region kymaName
   name: runtime-id
diff --git a/docs/adr/assets/runtime-examples/aws-minimal.yaml b/docs/adr/assets/runtime-examples/aws-minimal.yaml
index ff7e626f..7b6a76fb 100644
--- a/docs/adr/assets/runtime-examples/aws-minimal.yaml
+++ b/docs/adr/assets/runtime-examples/aws-minimal.yaml
@@ -8,6 +8,7 @@ metadata: plan-name global-account-id subAccount-id
+ shoot-name region kymaName
   name: runtime-id
diff --git a/docs/adr/assets/runtime-examples/aws-trial.yaml b/docs/adr/assets/runtime-examples/aws-trial.yaml
index a222bfb9..f5397bba 100644
--- a/docs/adr/assets/runtime-examples/aws-trial.yaml
+++ b/docs/adr/assets/runtime-examples/aws-trial.yaml
@@ -8,6 +8,7 @@ metadata: plan-name global-account-id subAccount-id
+ shoot-name region kymaName
   name: runtime-id
diff --git a/docs/adr/assets/runtime-examples/aws.yaml b/docs/adr/assets/runtime-examples/aws.yaml
index 8124ef2e..5f06a280 100644
--- a/docs/adr/assets/runtime-examples/aws.yaml
+++ b/docs/adr/assets/runtime-examples/aws.yaml
@@ -8,6 +8,7 @@ metadata: plan-name global-account-id subAccount-id
+ shoot-name region kymaName
   name: runtime-id
diff --git a/docs/adr/assets/runtime-examples/azure-fremium.yaml b/docs/adr/assets/runtime-examples/azure-fremium.yaml
index a80145c6..ef8d8867 100644
--- a/docs/adr/assets/runtime-examples/azure-fremium.yaml
+++ b/docs/adr/assets/runtime-examples/azure-fremium.yaml
@@ -8,6 +8,7 @@ metadata: plan-name global-account-id subAccount-id
+ shoot-name region kymaName
   name: runtime-id
diff --git a/docs/adr/assets/runtime-examples/azure-lite.yaml b/docs/adr/assets/runtime-examples/azure-lite.yaml
index 12344999..64886014 100644
--- a/docs/adr/assets/runtime-examples/azure-lite.yaml
+++ b/docs/adr/assets/runtime-examples/azure-lite.yaml
@@ -8,6 +8,7 @@ metadata: plan-name global-account-id subAccount-id
+ shoot-name region kymaName
   name: runtime-id
diff --git a/docs/adr/assets/runtime-examples/azure.yaml b/docs/adr/assets/runtime-examples/azure.yaml
index a79cf8a9..b910b7fe 100644
--- a/docs/adr/assets/runtime-examples/azure.yaml
+++ b/docs/adr/assets/runtime-examples/azure.yaml
@@ -8,6 +8,7 @@ metadata: plan-name global-account-id subAccount-id
+ shoot-name region kymaName
   name: runtime-id
diff --git a/docs/adr/assets/runtime-examples/gcp.yaml b/docs/adr/assets/runtime-examples/gcp.yaml
index 32bd9896..04a5d329 100644
--- a/docs/adr/assets/runtime-examples/gcp.yaml
+++ b/docs/adr/assets/runtime-examples/gcp.yaml
@@ -8,6 +8,7 @@ metadata: plan-name global-account-id subAccount-id
+ shoot-name region kymaName
   name: runtime-id
diff --git a/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml b/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
index ad387d1c..51915f39 100644
--- a/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
+++ b/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
@@ -8,6 +8,7 @@ metadata: plan-name global-account-id subAccount-id
+ shoot-name region kymaName
   name: runtime-id

 docs/adr/ | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/adr/ b/docs/adr/
index cb5b3dbe..72c8cbfc 100644
--- a/docs/adr/
+++ b/docs/adr/
@@ -44,6 +44,7 @@ Please mind that the `Runtime` CR should contain the following labels: plan-name global-account-id subAccount-id
+ shoot-name region kymaName

 docs/adr/ | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/docs/adr/ b/docs/adr/
index 72c8cbfc..6879dcdd 100644
--- a/docs/adr/
+++ b/docs/adr/
@@ -74,6 +74,7 @@ spec:
             - RS256
           usernameClaim: sub
+    # spec.shoot.provider is provided by the KEB, required
       type: aws
       region: eu-central-1
@@ -161,7 +162,7 @@ spec:
               - RS256
             usernameClaim: sub
             usernamePrefix: 'someother'
-    ## spec.shoot.provider is provided by the KEB, required
+    # spec.shoot.provider is provided by the KEB, required
       type: aws
       region: eu-central-1

 docs/adr/ | 2 --
 1 file changed, 2 deletions(-)

diff --git a/docs/adr/ b/docs/adr/
index 6879dcdd..fc873f96 100644
--- a/docs/adr/
+++ b/docs/adr/
@@ -78,7 +78,6 @@ spec:
       type: aws
       region: eu-central-1
-      # We must consider whether it makes sense to move HAP into KIM
       secretBindingName: "hyperscaler secret"
     # spec.shoot.Networking is Provided by the KEB, required
@@ -166,7 +165,6 @@ spec:
       type: aws
       region: eu-central-1
-      # We must consider whether it makes sense to move HAP into KIM
       secretBindingName: "hyperscaler secret"
     # spec.shoot.Networking is Provided by the KEB, required

 docs/adr/ | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/adr/ b/docs/adr/
index fc873f96..a8f1d754 100644
--- a/docs/adr/
+++ b/docs/adr/
@@ -84,7 +84,7 @@ spec:
-    # spec.shoot.controlPlane is provided by the KEB, optional, default=nil
+    # spec.shoot.controlPlane is provided by the KEB, required
@@ -171,7 +171,7 @@ spec:
-    # spec.shoot.controlPlane is provided by the KEB, optional, default=nil
+    # spec.shoot.controlPlane is provided by the KEB, required

 docs/adr/ | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/adr/ b/docs/adr/
index a8f1d754..ee93c700 100644
--- a/docs/adr/
+++ b/docs/adr/
@@ -111,7 +111,7 @@ spec:
-        # is provided by the KEB, required
+        # is provided by the KEB, required
           enabled: false
     # is provided by the KEB, required

 docs/adr/ | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/adr/ b/docs/adr/
index ee93c700..e99a7426 100644
--- a/docs/adr/
+++ b/docs/adr/
@@ -220,7 +220,7 @@ spec:
-> Note: please mind that the additional OIDC providers, and ingress network filtering will not be implemented in teh first release.
+> Note: please mind that the additional OIDC providers, and ingress network filtering will not be implemented in the first release.
 Please, see the following examples to understand what CRs need to be created for particular KEB plans:
 - [AWS trial plan](assets/runtime-examples/aws-trial.yaml)

diff --git a/docs/adr/ b/docs/adr/
new file mode 100644
index 00000000..00b25f5f
--- /dev/null
+++ b/docs/adr/
@@ -0,0 +1,2 @@
This folder contains architecture decision records.
diff --git a/docs/adr/ b/docs/adr/
index e99a7426..bbf5a5eb 100644
--- a/docs/adr/
+++ b/docs/adr/
@@ -232,7 +232,7 @@ Please, see the following examples to understand what CRs need to be created for
 ## API structures
-package v2
+package v1
 import (
 	gardener ""
@@ -268,14 +268,14 @@ type Provider struct {
 type Networking struct {
-	Pods     *string `json:"pods,omitempty"`
-	Nodes    *string `json:"nodes,omitempty"`
-	Services *string `json:"services,omitempty"`
+	Pods     string `json:"pods,omitempty"`
+	Nodes    string `json:"nodes,omitempty"`
+	Services string `json:"services,omitempty"`
 type Kubernetes struct {
-	Version       string     `json:"version"`
-	KubeAPIServer *APIServer `json:"kubeAPIServer,omitempty"`
+	Version       string    `json:"version"`
+	KubeAPIServer APIServer `json:"kubeAPIServer,omitempty"`
 type APIServer struct {
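Review bot: `omitempty` on `KubeAPIServer APIServer` has no effect once the field is a struct value rather than a pointer. encoding/json omits nil pointers, empty strings, zero numbers and empty collections, but never a struct, so `kubeAPIServer` is always serialized and an absent block cannot be told apart from an empty one. `APIServer` holds the OIDC configuration (see the earlier definition in this document), so that distinction decides whether defaults or an explicit setting apply to API server authentication. Either keep `KubeAPIServer *APIServer` with the existing tag, or drop `omitempty` and state in the ADR that the block is required. The `Pods`, `Nodes` and `Services` strings in `Networking` lose the same distinction, so an empty range would need to be caught by validation.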
@@ -293,8 +293,8 @@ type NetworkingSecurity struct {
 type Filter struct {
-	Ingress Ingress `json:"ingress"`
-	Egress  Egress  `json:"egress"`
+	Ingress *Ingress `json:"ingress"`
+	Egress  Egress   `json:"egress"`
 type Ingress struct {
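Review bot: `Ingress *Ingress` is tagged `json:"ingress"` without `omitempty`, so a nil pointer serializes as `"ingress": null` instead of being left out. Every reader of `Filter.Ingress.Enabled` also needs a nil check now. If the pointer is meant to express "not configured" (the document says ingress filtering is not part of the first release), the tag should be `json:"ingress,omitempty"` and the ADR should say that nil is treated as disabled. The body of `Ingress` continues outside this hunk.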

 docs/adr/ | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/docs/adr/ b/docs/adr/
index 00b25f5f..8e4669d2 100644
--- a/docs/adr/
+++ b/docs/adr/
@@ -1,2 +1,8 @@
+# Overview
 This folder contains architecture decision records.
+# Documents
+- [Provisioning functionality](./

 docs/adr/ | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/adr/ b/docs/adr/
index bbf5a5eb..09a18926 100644
--- a/docs/adr/
+++ b/docs/adr/
@@ -1,5 +1,5 @@
 # Introduction
-This document defines architecture, and API for the provisioning functionality.
+This document defines architecture, and API for the Gardener cluster provisioning functionality.
 # Target architecture

 docs/adr/ | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/adr/ b/docs/adr/
index 09a18926..115c9113 100644
--- a/docs/adr/
+++ b/docs/adr/
@@ -6,7 +6,7 @@ This document defines architecture, and API for the Gardener cluster provisionin
 The following picture shows the agreed architecture:
-> Note: at the time of writing the `GardenerCluster` CR is used for generating kubeconfig. The [workplan]( for delivering provisioning functionality in the Kyma Infrastructure Manager includes renaming the CR to maintain consistency.
+> Note: at the time of writing the `GardenerCluster` CR is used for generating kubeconfig. The [workplan]( for delivering provisioning functionality includes renaming the CR to maintain consistency.
 The following assumptions were taken:
 - KEB has the following responsibilities:

 .../adr/assets/keb-kim-target-arch.drawio.svg |  2 +-
 .../assets/runtime-examples/aws-freemium.yaml |  1 +
 .../assets/runtime-examples/aws-minimal.yaml  |  1 +
 .../assets/runtime-examples/aws-trial.yaml    |  1 +
 docs/adr/assets/runtime-examples/aws.yaml     |  1 +
 .../runtime-examples/azure-fremium.yaml       |  1 +
 .../assets/runtime-examples/azure-lite.yaml   |  1 +
 docs/adr/assets/runtime-examples/azure.yaml   |  1 +
 docs/adr/assets/runtime-examples/gcp.yaml     |  1 +
 .../runtime-examples/sap-converged-cloud.yaml |  1 +
 docs/adr/                      | 57 ++++++++++++-------
 11 files changed, 45 insertions(+), 23 deletions(-)

diff --git a/docs/adr/assets/keb-kim-target-arch.drawio.svg b/docs/adr/assets/keb-kim-target-arch.drawio.svg
index 439cb4ba..b53f8f70 100644
--- a/docs/adr/assets/keb-kim-target-arch.drawio.svg
+++ b/docs/adr/assets/keb-kim-target-arch.drawio.svg
@@ -1,4 +1,4 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!-- Do not edit this file with editors other than -->
 <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "">
-<svg xmlns="" xmlns:xlink="" version="1.1" width="822px" height="591px" viewBox="-0.5 -0.5 822 591" content="&lt;mxfile host=&quot;; modified=&quot;2024-05-08T12:21:32.566Z&quot; agent=&quot;Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36&quot; etag=&quot;9fDpxlZcrvNXN_X_p45L&quot; scale=&quot;1&quot; border=&quot;0&quot; version=&quot;24.3.1&quot; type=&quot;device&quot;&gt;&#10;  &lt;diagram name=&quot;Page-1&quot; id=&quot;0ahoYHhgpX2lhLgWHN-l&quot;&gt;&#10;    &lt;mxGraphModel dx=&quot;577&quot; dy=&quot;1271&quot; grid=&quot;1&quot; gridSize=&quot;10&quot; guides=&quot;1&quot; tooltips=&quot;1&quot; connect=&quot;1&quot; arrows=&quot;1&quot; fold=&quot;1&quot; page=&quot;1&quot; pageScale=&quot;1&quot; pageWidth=&quot;850&quot; pageHeight=&quot;1100&quot; math=&quot;0&quot; shadow=&quot;0&quot;&gt;&#10;      &lt;root&gt;&#10;        &lt;mxCell id=&quot;0&quot; /&gt;&#10;        &lt;mxCell id=&quot;1&quot; parent=&quot;0&quot; /&gt;&#10;        &lt;mxCell id=&quot;6NZ_8cFfOJs-itlOXwdO-31&quot; value=&quot;&quot; style=&quot;rounded=0;whiteSpace=wrap;html=1;dashed=1&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;141&quot; y=&quot;150&quot; width=&quot;690&quot; height=&quot;580&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;2&quot; value=&quot;Kyma Environment Broker&quot; style=&quot;rounded=0;whiteSpace=wrap;html=1;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;170&quot; y=&quot;280&quot; width=&quot;120&quot; height=&quot;60&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;3&quot; value=&quot;BTP&quot; style=&quot;rounded=0;whiteSpace=wrap;html=1;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;10&quot; y=&quot;280&quot; width=&quot;120&quot; height=&quot;60&quot; 
as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;4&quot; value=&quot;Kyma Infrastructure Manager&quot; style=&quot;rounded=0;whiteSpace=wrap;html=1;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;510&quot; y=&quot;360&quot; width=&quot;120&quot; height=&quot;60&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;5&quot; value=&quot;&quot; style=&quot;shape=flexArrow;endArrow=classic;html=1;rounded=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;&quot; parent=&quot;1&quot; source=&quot;3&quot; target=&quot;2&quot; edge=&quot;1&quot;&gt;&#10;          &lt;mxGeometry width=&quot;50&quot; height=&quot;50&quot; relative=&quot;1&quot; as=&quot;geometry&quot;&gt;&#10;            &lt;mxPoint x=&quot;130&quot; y=&quot;460&quot; as=&quot;sourcePoint&quot; /&gt;&#10;            &lt;mxPoint x=&quot;180&quot; y=&quot;410&quot; as=&quot;targetPoint&quot; /&gt;&#10;          &lt;/mxGeometry&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;7&quot; value=&quot;&quot; style=&quot;shape=flexArrow;endArrow=classic;html=1;rounded=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;&quot; parent=&quot;1&quot; source=&quot;2&quot; edge=&quot;1&quot;&gt;&#10;          &lt;mxGeometry width=&quot;50&quot; height=&quot;50&quot; relative=&quot;1&quot; as=&quot;geometry&quot;&gt;&#10;            &lt;mxPoint x=&quot;320&quot; y=&quot;290&quot; as=&quot;sourcePoint&quot; /&gt;&#10;            &lt;mxPoint x=&quot;340&quot; y=&quot;310&quot; as=&quot;targetPoint&quot; /&gt;&#10;          &lt;/mxGeometry&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;8&quot; value=&quot;&quot; style=&quot;shape=flexArrow;endArrow=classic;startArrow=classic;html=1;rounded=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;entryX=0.596;entryY=-0.017;entryDx=0;entryDy=0;entryPerimeter=0;&quot; parent=&quot;1&quot; target=&quot;4&quot; edge=&quot;1&quot;&gt;&#10;          &lt;mxGeometry 
width=&quot;100&quot; height=&quot;100&quot; relative=&quot;1&quot; as=&quot;geometry&quot;&gt;&#10;            &lt;mxPoint x=&quot;520&quot; y=&quot;310&quot; as=&quot;sourcePoint&quot; /&gt;&#10;            &lt;mxPoint x=&quot;670&quot; y=&quot;240&quot; as=&quot;targetPoint&quot; /&gt;&#10;            &lt;Array as=&quot;points&quot;&gt;&#10;              &lt;mxPoint x=&quot;582&quot; y=&quot;310&quot; /&gt;&#10;            &lt;/Array&gt;&#10;          &lt;/mxGeometry&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;9&quot; value=&quot;Gardener&quot; style=&quot;whiteSpace=wrap;html=1;aspect=fixed;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;750&quot; y=&quot;350&quot; width=&quot;80&quot; height=&quot;80&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;10&quot; value=&quot;&quot; style=&quot;shape=flexArrow;endArrow=classic;html=1;rounded=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;entryX=0;entryY=0.5;entryDx=0;entryDy=0;&quot; parent=&quot;1&quot; source=&quot;4&quot; target=&quot;9&quot; edge=&quot;1&quot;&gt;&#10;          &lt;mxGeometry width=&quot;50&quot; height=&quot;50&quot; relative=&quot;1&quot; as=&quot;geometry&quot;&gt;&#10;            &lt;mxPoint x=&quot;660&quot; y=&quot;380&quot; as=&quot;sourcePoint&quot; /&gt;&#10;            &lt;mxPoint x=&quot;710&quot; y=&quot;330&quot; as=&quot;targetPoint&quot; /&gt;&#10;          &lt;/mxGeometry&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;12&quot; value=&quot;&quot; style=&quot;shape=flexArrow;endArrow=classic;startArrow=classic;html=1;rounded=0;fontSize=12;startSize=8;endSize=8;exitX=0.5;exitY=1;exitDx=0;exitDy=0;entryX=0.5;entryY=0;entryDx=0;entryDy=0;entryPerimeter=0;&quot; parent=&quot;1&quot; source=&quot;4&quot; edge=&quot;1&quot;&gt;&#10;          &lt;mxGeometry width=&quot;100&quot; height=&quot;100&quot; relative=&quot;1&quot; as=&quot;geometry&quot;&gt;&#10;            
&lt;mxPoint x=&quot;700&quot; y=&quot;570&quot; as=&quot;sourcePoint&quot; /&gt;&#10;            &lt;mxPoint x=&quot;570&quot; y=&quot;490&quot; as=&quot;targetPoint&quot; /&gt;&#10;          &lt;/mxGeometry&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;13&quot; value=&quot;Create CR&quot; style=&quot;text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontSize=12;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;290&quot; y=&quot;380&quot; width=&quot;90&quot; height=&quot;30&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;14&quot; value=&quot;Create CR&quot; style=&quot;text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontSize=12;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;600&quot; y=&quot;460&quot; width=&quot;60&quot; height=&quot;30&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;15&quot; value=&quot;1&quot; style=&quot;ellipse;whiteSpace=wrap;html=1;aspect=fixed;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;310&quot; y=&quot;340&quot; width=&quot;40&quot; height=&quot;40&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;16&quot; value=&quot;2&quot; style=&quot;ellipse;whiteSpace=wrap;html=1;aspect=fixed;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;590&quot; y=&quot;290&quot; width=&quot;40&quot; height=&quot;40&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;17&quot; value=&quot;3&quot; style=&quot;ellipse;whiteSpace=wrap;html=1;aspect=fixed;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;660&quot; y=&quot;340&quot; width=&quot;40&quot; height=&quot;40&quot; as=&quot;geometry&quot; /&gt;&#10;        
&lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;18&quot; value=&quot;Start provisioning&quot; style=&quot;text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontSize=12;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;540&quot; y=&quot;260&quot; width=&quot;140&quot; height=&quot;30&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;19&quot; value=&quot;Create shoot CR&quot; style=&quot;text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontSize=12;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;620&quot; y=&quot;310&quot; width=&quot;140&quot; height=&quot;30&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;20&quot; style=&quot;edgeStyle=none;curved=1;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;exitX=0.5;exitY=0;exitDx=0;exitDy=0;fontSize=12;startSize=8;endSize=8;&quot; parent=&quot;1&quot; source=&quot;17&quot; target=&quot;17&quot; edge=&quot;1&quot;&gt;&#10;          &lt;mxGeometry relative=&quot;1&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;21&quot; value=&quot;4&quot; style=&quot;ellipse;whiteSpace=wrap;html=1;aspect=fixed;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;610&quot; y=&quot;427&quot; width=&quot;40&quot; height=&quot;40&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;22&quot; value=&quot;&quot; style=&quot;shape=flexArrow;endArrow=classic;html=1;rounded=0;fontSize=12;startSize=8;endSize=8;exitX=0;exitY=0.5;exitDx=0;exitDy=0;entryX=0.625;entryY=0.988;entryDx=0;entryDy=0;entryPerimeter=0;&quot; parent=&quot;1&quot; source=&quot;4&quot; target=&quot;9&quot; edge=&quot;1&quot;&gt;&#10;          &lt;mxGeometry width=&quot;50&quot; height=&quot;50&quot; relative=&quot;1&quot; 
as=&quot;geometry&quot;&gt;&#10;            &lt;mxPoint x=&quot;420&quot; y=&quot;530&quot; as=&quot;sourcePoint&quot; /&gt;&#10;            &lt;mxPoint x=&quot;470&quot; y=&quot;480&quot; as=&quot;targetPoint&quot; /&gt;&#10;            &lt;Array as=&quot;points&quot;&gt;&#10;              &lt;mxPoint x=&quot;440&quot; y=&quot;390&quot; /&gt;&#10;              &lt;mxPoint x=&quot;440&quot; y=&quot;590&quot; /&gt;&#10;              &lt;mxPoint x=&quot;800&quot; y=&quot;590&quot; /&gt;&#10;            &lt;/Array&gt;&#10;          &lt;/mxGeometry&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;23&quot; value=&quot;5&quot; style=&quot;ellipse;whiteSpace=wrap;html=1;aspect=fixed;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;379&quot; y=&quot;440&quot; width=&quot;40&quot; height=&quot;40&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;24&quot; value=&quot;Fetch kubeconfig&quot; style=&quot;text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontSize=12;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;369&quot; y=&quot;480&quot; width=&quot;60&quot; height=&quot;30&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;uJiPobTpmp8qSl2DZlkU-25&quot; value=&quot;Runtime CRD&amp;amp;nbsp;contains details of the cluster&quot; style=&quot;shape=document;whiteSpace=wrap;html=1;boundedLbl=1;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;370&quot; y=&quot;190&quot; width=&quot;120&quot; height=&quot;80&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;uJiPobTpmp8qSl2DZlkU-26&quot; value=&quot;RuntimeKubeconfig&amp;amp;nbsp;CRD contains data needed to fetch kubeconfig. 
&amp;lt;b&amp;gt;&amp;amp;nbsp;&amp;lt;/b&amp;gt;&quot; style=&quot;shape=document;whiteSpace=wrap;html=1;boundedLbl=1;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;490&quot; y=&quot;610&quot; width=&quot;190&quot; height=&quot;100&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;6NZ_8cFfOJs-itlOXwdO-32&quot; value=&quot;Kyma Control Plane&quot; style=&quot;text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontSize=16;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;640&quot; y=&quot;160&quot; width=&quot;170&quot; height=&quot;30&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;nGG45oqGqh6GDVyRlN8J-24&quot; value=&quot;RuntimeKubeconfig CR&quot; style=&quot;rounded=0;whiteSpace=wrap;html=1;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;485&quot; y=&quot;490&quot; width=&quot;170&quot; height=&quot;60&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;nGG45oqGqh6GDVyRlN8J-25&quot; value=&quot;Runtime CR&quot; style=&quot;rounded=0;whiteSpace=wrap;html=1;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;340&quot; y=&quot;280&quot; width=&quot;180&quot; height=&quot;60&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;mGOWFElGAteea3bxPiqX-24&quot; style=&quot;edgeStyle=none;curved=1;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;exitX=0.5;exitY=1;exitDx=0;exitDy=0;fontSize=12;startSize=8;endSize=8;&quot; edge=&quot;1&quot; parent=&quot;1&quot; source=&quot;6NZ_8cFfOJs-itlOXwdO-31&quot; target=&quot;6NZ_8cFfOJs-itlOXwdO-31&quot;&gt;&#10;          &lt;mxGeometry relative=&quot;1&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;      &lt;/root&gt;&#10;    &lt;/mxGraphModel&gt;&#10; 
 &lt;/diagram&gt;&#10;&lt;/mxfile&gt;&#10;"><defs/><g><g><rect x="131" y="0" width="690" height="580" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-dasharray="3 3" pointer-events="all"/></g><g><rect x="160" y="130" width="120" height="60" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 160px; margin-left: 161px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Kyma Environment Broker</div></div></div></foreignObject><text x="220" y="164" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Kyma Environment Bro...</text></switch></g></g><g><rect x="0" y="130" width="120" height="60" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 160px; margin-left: 1px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">BTP</div></div></div></foreignObject><text x="60" y="164" fill="rgb(0, 0, 
0)" font-family="Helvetica" font-size="12px" text-anchor="middle">BTP</text></switch></g></g><g><rect x="500" y="210" width="120" height="60" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 240px; margin-left: 501px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Kyma Infrastructure Manager</div></div></div></foreignObject><text x="560" y="244" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Kyma Infrastructure...</text></switch></g></g><g><path d="M 120.5 165 L 120.5 155 L 140.5 155 L 140.5 144.5 L 159.5 160 L 140.5 175.5 L 140.5 165 Z" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g><g><path d="M 280.5 165 L 280.5 155 L 310.5 155 L 310.5 144.5 L 329.5 160 L 310.5 175.5 L 310.5 165 Z" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g><g><path d="M 529.5 165 L 529.5 175.5 L 510.5 160 L 529.5 144.5 L 529.5 155 L 577.05 155 L 576.71 189.53 L 587.21 189.63 L 571.52 208.48 L 556.21 189.33 L 566.71 189.43 L 566.95 165 Z" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="1.42" pointer-events="all"/><path d="M 529.5 165 L 529.5 175.5 L 510.5 160 L 529.5 144.5 L 529.5 155" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="4" pointer-events="all"/><path d="M 576.71 189.53 L 587.21 189.63 L 571.52 208.48 L 556.21 189.33 L 566.71 189.43" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="4" 
pointer-events="all"/></g><g><rect x="740" y="200" width="80" height="80" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 78px; height: 1px; padding-top: 240px; margin-left: 741px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Gardener</div></div></div></foreignObject><text x="780" y="244" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Gardener</text></switch></g></g><g><path d="M 620.5 245 L 620.5 235 L 720.5 235 L 720.5 224.5 L 739.5 240 L 720.5 255.5 L 720.5 245 Z" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g><g><path d="M 555 295.5 L 544.5 295.5 L 560 270.5 L 575.5 295.5 L 565 295.5 L 565 314.5 L 575.5 314.5 L 560 339.5 L 544.5 314.5 L 555 314.5 Z" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g><g><rect x="280" y="230" width="90" height="30" fill="none" stroke="none" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 88px; height: 1px; padding-top: 245px; margin-left: 281px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: 
Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Create CR</div></div></div></foreignObject><text x="325" y="249" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Create CR</text></switch></g></g><g><rect x="590" y="310" width="60" height="30" fill="none" stroke="none" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 58px; height: 1px; padding-top: 325px; margin-left: 591px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Create CR</div></div></div></foreignObject><text x="620" y="329" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Create CR</text></switch></g></g><g><ellipse cx="320" cy="210" rx="20" ry="20" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 38px; height: 1px; padding-top: 210px; margin-left: 301px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: 
normal;">1</div></div></div></foreignObject><text x="320" y="214" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">1</text></switch></g></g><g><ellipse cx="600" cy="160" rx="20" ry="20" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 38px; height: 1px; padding-top: 160px; margin-left: 581px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">2</div></div></div></foreignObject><text x="600" y="164" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">2</text></switch></g></g><g><ellipse cx="670" cy="210" rx="20" ry="20" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 38px; height: 1px; padding-top: 210px; margin-left: 651px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">3</div></div></div></foreignObject><text x="670" y="214" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" 
text-anchor="middle">3</text></switch></g></g><g><rect x="530" y="110" width="140" height="30" fill="none" stroke="none" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 138px; height: 1px; padding-top: 125px; margin-left: 531px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Start provisioning</div></div></div></foreignObject><text x="600" y="129" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Start provisioning</text></switch></g></g><g><rect x="610" y="160" width="140" height="30" fill="none" stroke="none" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 138px; height: 1px; padding-top: 175px; margin-left: 611px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Create shoot CR</div></div></div></foreignObject><text x="680" y="179" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Create shoot CR</text></switch></g></g><g/><g><ellipse cx="620" cy="297" rx="20" ry="20" fill="rgb(255, 255, 255)" 
stroke="rgb(0, 0, 0)" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 38px; height: 1px; padding-top: 297px; margin-left: 601px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">4</div></div></div></foreignObject><text x="620" y="301" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">4</text></switch></g></g><g><path d="M 499.5 235 L 499.5 245 L 435 245 L 435 435 L 785 435 L 785 304.54 L 774.5 304.54 L 790 279.54 L 805.5 304.54 L 795 304.54 L 795 445 L 425 445 L 425 235 Z" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="1.42" pointer-events="all"/><path d="M 785 304.54 L 774.5 304.54 L 790 279.54 L 805.5 304.54 L 795 304.54" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="4" pointer-events="all"/></g><g><ellipse cx="389" cy="310" rx="20" ry="20" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 38px; height: 1px; padding-top: 310px; margin-left: 370px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; 
overflow-wrap: normal;">5</div></div></div></foreignObject><text x="389" y="314" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">5</text></switch></g></g><g><rect x="359" y="330" width="60" height="30" fill="none" stroke="none" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 58px; height: 1px; padding-top: 345px; margin-left: 360px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Fetch kubeconfig</div></div></div></foreignObject><text x="389" y="349" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Fetch kube...</text></switch></g></g><g><path d="M 360 40 L 480 40 L 480 108 Q 450 86.4 420 108 Q 390 129.6 360 108 L 360 52 Z" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 68px; margin-left: 361px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Runtime CRD contains details of the 
cluster</div></div></div></foreignObject><text x="420" y="72" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Runtime CRD contains...</text></switch></g></g><g><path d="M 480 460 L 670 460 L 670 545 Q 622.5 518 575 545 Q 527.5 572 480 545 L 480 475 Z" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 188px; height: 1px; padding-top: 495px; margin-left: 481px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">RuntimeKubeconfig CRD contains data needed to fetch kubeconfig. 
<b> </b></div></div></div></foreignObject><text x="575" y="499" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">RuntimeKubeconfig CRD contains...</text></switch></g></g><g><rect x="630" y="10" width="170" height="30" fill="none" stroke="none" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 168px; height: 1px; padding-top: 25px; margin-left: 631px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 16px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Kyma Control Plane</div></div></div></foreignObject><text x="715" y="30" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="16px" text-anchor="middle">Kyma Control Plane</text></switch></g></g><g><rect x="475" y="340" width="170" height="60" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 168px; height: 1px; padding-top: 370px; margin-left: 476px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">RuntimeKubeconfig CR</div></div></div></foreignObject><text x="560" y="374" fill="rgb(0, 0, 0)" 
font-family="Helvetica" font-size="12px" text-anchor="middle">RuntimeKubeconfig CR</text></switch></g></g><g><rect x="330" y="130" width="180" height="60" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 178px; height: 1px; padding-top: 160px; margin-left: 331px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Runtime CR</div></div></div></foreignObject><text x="420" y="164" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Runtime CR</text></switch></g></g><g/></g><switch><g requiredFeatures=""/><a transform="translate(0,-5)" xlink:href="" target="_blank"><text text-anchor="middle" font-size="10px" x="50%" y="100%">Text is not SVG - cannot display</text></a></switch></svg>
\ No newline at end of file
+<svg xmlns="" xmlns:xlink="" version="1.1" width="851px" height="591px" viewBox="-0.5 -0.5 851 591" content="&lt;mxfile host=&quot;; modified=&quot;2024-05-09T08:35:35.937Z&quot; agent=&quot;Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36&quot; etag=&quot;SLstISsH5nRcHgYSm9at&quot; scale=&quot;1&quot; border=&quot;0&quot; version=&quot;24.3.1&quot; type=&quot;device&quot;&gt;&#10;  &lt;diagram name=&quot;Page-1&quot; id=&quot;0ahoYHhgpX2lhLgWHN-l&quot;&gt;&#10;    &lt;mxGraphModel dx=&quot;1217&quot; dy=&quot;631&quot; grid=&quot;1&quot; gridSize=&quot;10&quot; guides=&quot;1&quot; tooltips=&quot;1&quot; connect=&quot;1&quot; arrows=&quot;1&quot; fold=&quot;1&quot; page=&quot;1&quot; pageScale=&quot;1&quot; pageWidth=&quot;850&quot; pageHeight=&quot;1100&quot; math=&quot;0&quot; shadow=&quot;0&quot;&gt;&#10;      &lt;root&gt;&#10;        &lt;mxCell id=&quot;0&quot; /&gt;&#10;        &lt;mxCell id=&quot;1&quot; parent=&quot;0&quot; /&gt;&#10;        &lt;mxCell id=&quot;6NZ_8cFfOJs-itlOXwdO-31&quot; value=&quot;&quot; style=&quot;rounded=0;whiteSpace=wrap;html=1;dashed=1&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;141&quot; y=&quot;150&quot; width=&quot;599&quot; height=&quot;580&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;2&quot; value=&quot;Kyma Environment Broker&quot; style=&quot;rounded=0;whiteSpace=wrap;html=1;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;170&quot; y=&quot;280&quot; width=&quot;120&quot; height=&quot;60&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;3&quot; value=&quot;BTP&quot; style=&quot;rounded=0;whiteSpace=wrap;html=1;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;10&quot; y=&quot;280&quot; width=&quot;120&quot; height=&quot;60&quot; 
as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;4&quot; value=&quot;Kyma Infrastructure Manager&quot; style=&quot;rounded=0;whiteSpace=wrap;html=1;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;510&quot; y=&quot;360&quot; width=&quot;120&quot; height=&quot;60&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;5&quot; value=&quot;&quot; style=&quot;shape=flexArrow;endArrow=classic;html=1;rounded=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;&quot; parent=&quot;1&quot; source=&quot;3&quot; target=&quot;2&quot; edge=&quot;1&quot;&gt;&#10;          &lt;mxGeometry width=&quot;50&quot; height=&quot;50&quot; relative=&quot;1&quot; as=&quot;geometry&quot;&gt;&#10;            &lt;mxPoint x=&quot;130&quot; y=&quot;460&quot; as=&quot;sourcePoint&quot; /&gt;&#10;            &lt;mxPoint x=&quot;180&quot; y=&quot;410&quot; as=&quot;targetPoint&quot; /&gt;&#10;          &lt;/mxGeometry&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;7&quot; value=&quot;&quot; style=&quot;shape=flexArrow;endArrow=classic;html=1;rounded=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;&quot; parent=&quot;1&quot; source=&quot;2&quot; edge=&quot;1&quot;&gt;&#10;          &lt;mxGeometry width=&quot;50&quot; height=&quot;50&quot; relative=&quot;1&quot; as=&quot;geometry&quot;&gt;&#10;            &lt;mxPoint x=&quot;320&quot; y=&quot;290&quot; as=&quot;sourcePoint&quot; /&gt;&#10;            &lt;mxPoint x=&quot;340&quot; y=&quot;310&quot; as=&quot;targetPoint&quot; /&gt;&#10;          &lt;/mxGeometry&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;8&quot; value=&quot;&quot; style=&quot;shape=flexArrow;endArrow=classic;startArrow=classic;html=1;rounded=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;entryX=0.596;entryY=-0.017;entryDx=0;entryDy=0;entryPerimeter=0;&quot; parent=&quot;1&quot; target=&quot;4&quot; edge=&quot;1&quot;&gt;&#10;          &lt;mxGeometry 
width=&quot;100&quot; height=&quot;100&quot; relative=&quot;1&quot; as=&quot;geometry&quot;&gt;&#10;            &lt;mxPoint x=&quot;520&quot; y=&quot;310&quot; as=&quot;sourcePoint&quot; /&gt;&#10;            &lt;mxPoint x=&quot;670&quot; y=&quot;240&quot; as=&quot;targetPoint&quot; /&gt;&#10;            &lt;Array as=&quot;points&quot;&gt;&#10;              &lt;mxPoint x=&quot;582&quot; y=&quot;310&quot; /&gt;&#10;            &lt;/Array&gt;&#10;          &lt;/mxGeometry&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;9&quot; value=&quot;Gardener&quot; style=&quot;whiteSpace=wrap;html=1;aspect=fixed;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;780&quot; y=&quot;350&quot; width=&quot;80&quot; height=&quot;80&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;10&quot; value=&quot;&quot; style=&quot;shape=flexArrow;endArrow=classic;html=1;rounded=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;entryX=0;entryY=0.5;entryDx=0;entryDy=0;&quot; parent=&quot;1&quot; source=&quot;4&quot; target=&quot;9&quot; edge=&quot;1&quot;&gt;&#10;          &lt;mxGeometry width=&quot;50&quot; height=&quot;50&quot; relative=&quot;1&quot; as=&quot;geometry&quot;&gt;&#10;            &lt;mxPoint x=&quot;660&quot; y=&quot;380&quot; as=&quot;sourcePoint&quot; /&gt;&#10;            &lt;mxPoint x=&quot;710&quot; y=&quot;330&quot; as=&quot;targetPoint&quot; /&gt;&#10;          &lt;/mxGeometry&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;12&quot; value=&quot;&quot; style=&quot;shape=flexArrow;endArrow=classic;startArrow=classic;html=1;rounded=0;fontSize=12;startSize=8;endSize=8;exitX=0.5;exitY=1;exitDx=0;exitDy=0;entryX=0.5;entryY=0;entryDx=0;entryDy=0;entryPerimeter=0;&quot; parent=&quot;1&quot; source=&quot;4&quot; edge=&quot;1&quot;&gt;&#10;          &lt;mxGeometry width=&quot;100&quot; height=&quot;100&quot; relative=&quot;1&quot; as=&quot;geometry&quot;&gt;&#10;            
&lt;mxPoint x=&quot;700&quot; y=&quot;570&quot; as=&quot;sourcePoint&quot; /&gt;&#10;            &lt;mxPoint x=&quot;570&quot; y=&quot;490&quot; as=&quot;targetPoint&quot; /&gt;&#10;          &lt;/mxGeometry&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;13&quot; value=&quot;Create CR&quot; style=&quot;text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontSize=12;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;290&quot; y=&quot;380&quot; width=&quot;90&quot; height=&quot;30&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;14&quot; value=&quot;Create CR&quot; style=&quot;text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontSize=12;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;600&quot; y=&quot;460&quot; width=&quot;60&quot; height=&quot;30&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;15&quot; value=&quot;1&quot; style=&quot;ellipse;whiteSpace=wrap;html=1;aspect=fixed;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;310&quot; y=&quot;340&quot; width=&quot;40&quot; height=&quot;40&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;16&quot; value=&quot;2&quot; style=&quot;ellipse;whiteSpace=wrap;html=1;aspect=fixed;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;590&quot; y=&quot;290&quot; width=&quot;40&quot; height=&quot;40&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;17&quot; value=&quot;3&quot; style=&quot;ellipse;whiteSpace=wrap;html=1;aspect=fixed;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;660&quot; y=&quot;340&quot; width=&quot;40&quot; height=&quot;40&quot; as=&quot;geometry&quot; /&gt;&#10;        
&lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;18&quot; value=&quot;Start provisioning&quot; style=&quot;text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontSize=12;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;540&quot; y=&quot;260&quot; width=&quot;140&quot; height=&quot;30&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;19&quot; value=&quot;Create shoot CR&quot; style=&quot;text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontSize=12;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;620&quot; y=&quot;310&quot; width=&quot;140&quot; height=&quot;30&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;20&quot; style=&quot;edgeStyle=none;curved=1;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;exitX=0.5;exitY=0;exitDx=0;exitDy=0;fontSize=12;startSize=8;endSize=8;&quot; parent=&quot;1&quot; source=&quot;17&quot; target=&quot;17&quot; edge=&quot;1&quot;&gt;&#10;          &lt;mxGeometry relative=&quot;1&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;21&quot; value=&quot;4&quot; style=&quot;ellipse;whiteSpace=wrap;html=1;aspect=fixed;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;610&quot; y=&quot;427&quot; width=&quot;40&quot; height=&quot;40&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;22&quot; value=&quot;&quot; style=&quot;shape=flexArrow;endArrow=classic;html=1;rounded=0;fontSize=12;startSize=8;endSize=8;exitX=0;exitY=0.5;exitDx=0;exitDy=0;entryX=0.625;entryY=0.988;entryDx=0;entryDy=0;entryPerimeter=0;&quot; parent=&quot;1&quot; source=&quot;4&quot; target=&quot;9&quot; edge=&quot;1&quot;&gt;&#10;          &lt;mxGeometry width=&quot;50&quot; height=&quot;50&quot; relative=&quot;1&quot; 
as=&quot;geometry&quot;&gt;&#10;            &lt;mxPoint x=&quot;420&quot; y=&quot;530&quot; as=&quot;sourcePoint&quot; /&gt;&#10;            &lt;mxPoint x=&quot;470&quot; y=&quot;480&quot; as=&quot;targetPoint&quot; /&gt;&#10;            &lt;Array as=&quot;points&quot;&gt;&#10;              &lt;mxPoint x=&quot;440&quot; y=&quot;390&quot; /&gt;&#10;              &lt;mxPoint x=&quot;440&quot; y=&quot;590&quot; /&gt;&#10;              &lt;mxPoint x=&quot;830&quot; y=&quot;590&quot; /&gt;&#10;            &lt;/Array&gt;&#10;          &lt;/mxGeometry&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;23&quot; value=&quot;5&quot; style=&quot;ellipse;whiteSpace=wrap;html=1;aspect=fixed;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;379&quot; y=&quot;440&quot; width=&quot;40&quot; height=&quot;40&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;24&quot; value=&quot;Fetch kubeconfig&quot; style=&quot;text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontSize=12;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;369&quot; y=&quot;480&quot; width=&quot;60&quot; height=&quot;30&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;uJiPobTpmp8qSl2DZlkU-25&quot; value=&quot;Runtime CRD&amp;amp;nbsp;contains details of the cluster&quot; style=&quot;shape=document;whiteSpace=wrap;html=1;boundedLbl=1;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;370&quot; y=&quot;190&quot; width=&quot;120&quot; height=&quot;80&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;uJiPobTpmp8qSl2DZlkU-26&quot; value=&quot;RuntimeKubeconfig&amp;amp;nbsp;CRD contains data needed to fetch kubeconfig. 
&amp;lt;b&amp;gt;&amp;amp;nbsp;&amp;lt;/b&amp;gt;&quot; style=&quot;shape=document;whiteSpace=wrap;html=1;boundedLbl=1;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;490&quot; y=&quot;610&quot; width=&quot;190&quot; height=&quot;100&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;6NZ_8cFfOJs-itlOXwdO-32&quot; value=&quot;Kyma Control Plane&quot; style=&quot;text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontSize=16;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;560&quot; y=&quot;160&quot; width=&quot;170&quot; height=&quot;30&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;nGG45oqGqh6GDVyRlN8J-24&quot; value=&quot;RuntimeKubeconfig CR&quot; style=&quot;rounded=0;whiteSpace=wrap;html=1;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;485&quot; y=&quot;490&quot; width=&quot;170&quot; height=&quot;60&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;nGG45oqGqh6GDVyRlN8J-25&quot; value=&quot;Runtime CR&quot; style=&quot;rounded=0;whiteSpace=wrap;html=1;&quot; parent=&quot;1&quot; vertex=&quot;1&quot;&gt;&#10;          &lt;mxGeometry x=&quot;340&quot; y=&quot;280&quot; width=&quot;180&quot; height=&quot;60&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;        &lt;mxCell id=&quot;mGOWFElGAteea3bxPiqX-24&quot; style=&quot;edgeStyle=none;curved=1;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;exitX=0.5;exitY=1;exitDx=0;exitDy=0;fontSize=12;startSize=8;endSize=8;&quot; parent=&quot;1&quot; source=&quot;6NZ_8cFfOJs-itlOXwdO-31&quot; target=&quot;6NZ_8cFfOJs-itlOXwdO-31&quot; edge=&quot;1&quot;&gt;&#10;          &lt;mxGeometry relative=&quot;1&quot; as=&quot;geometry&quot; /&gt;&#10;        &lt;/mxCell&gt;&#10;      &lt;/root&gt;&#10;    &lt;/mxGraphModel&gt;&#10; 
 &lt;/diagram&gt;&#10;&lt;/mxfile&gt;&#10;"><defs/><g><g><rect x="131" y="0" width="599" height="580" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-dasharray="3 3" pointer-events="all"/></g><g><rect x="160" y="130" width="120" height="60" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 160px; margin-left: 161px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Kyma Environment Broker</div></div></div></foreignObject><text x="220" y="164" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Kyma Environment Bro...</text></switch></g></g><g><rect x="0" y="130" width="120" height="60" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 160px; margin-left: 1px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">BTP</div></div></div></foreignObject><text x="60" y="164" fill="rgb(0, 0, 
0)" font-family="Helvetica" font-size="12px" text-anchor="middle">BTP</text></switch></g></g><g><rect x="500" y="210" width="120" height="60" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 240px; margin-left: 501px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Kyma Infrastructure Manager</div></div></div></foreignObject><text x="560" y="244" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Kyma Infrastructure...</text></switch></g></g><g><path d="M 120.5 165 L 120.5 155 L 140.5 155 L 140.5 144.5 L 159.5 160 L 140.5 175.5 L 140.5 165 Z" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g><g><path d="M 280.5 165 L 280.5 155 L 310.5 155 L 310.5 144.5 L 329.5 160 L 310.5 175.5 L 310.5 165 Z" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g><g><path d="M 529.5 165 L 529.5 175.5 L 510.5 160 L 529.5 144.5 L 529.5 155 L 577.05 155 L 576.71 189.53 L 587.21 189.63 L 571.52 208.48 L 556.21 189.33 L 566.71 189.43 L 566.95 165 Z" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="1.42" pointer-events="all"/><path d="M 529.5 165 L 529.5 175.5 L 510.5 160 L 529.5 144.5 L 529.5 155" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="4" pointer-events="all"/><path d="M 576.71 189.53 L 587.21 189.63 L 571.52 208.48 L 556.21 189.33 L 566.71 189.43" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="4" 
pointer-events="all"/></g><g><rect x="770" y="200" width="80" height="80" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 78px; height: 1px; padding-top: 240px; margin-left: 771px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Gardener</div></div></div></foreignObject><text x="810" y="244" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Gardener</text></switch></g></g><g><path d="M 620.5 245 L 620.5 235 L 750.5 235 L 750.5 224.5 L 769.5 240 L 750.5 255.5 L 750.5 245 Z" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g><g><path d="M 555 295.5 L 544.5 295.5 L 560 270.5 L 575.5 295.5 L 565 295.5 L 565 314.5 L 575.5 314.5 L 560 339.5 L 544.5 314.5 L 555 314.5 Z" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g><g><rect x="280" y="230" width="90" height="30" fill="none" stroke="none" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 88px; height: 1px; padding-top: 245px; margin-left: 281px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: 
Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Create CR</div></div></div></foreignObject><text x="325" y="249" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Create CR</text></switch></g></g><g><rect x="590" y="310" width="60" height="30" fill="none" stroke="none" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 58px; height: 1px; padding-top: 325px; margin-left: 591px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Create CR</div></div></div></foreignObject><text x="620" y="329" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Create CR</text></switch></g></g><g><ellipse cx="320" cy="210" rx="20" ry="20" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 38px; height: 1px; padding-top: 210px; margin-left: 301px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: 
normal;">1</div></div></div></foreignObject><text x="320" y="214" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">1</text></switch></g></g><g><ellipse cx="600" cy="160" rx="20" ry="20" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 38px; height: 1px; padding-top: 160px; margin-left: 581px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">2</div></div></div></foreignObject><text x="600" y="164" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">2</text></switch></g></g><g><ellipse cx="670" cy="210" rx="20" ry="20" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 38px; height: 1px; padding-top: 210px; margin-left: 651px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">3</div></div></div></foreignObject><text x="670" y="214" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" 
text-anchor="middle">3</text></switch></g></g><g><rect x="530" y="110" width="140" height="30" fill="none" stroke="none" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 138px; height: 1px; padding-top: 125px; margin-left: 531px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Start provisioning</div></div></div></foreignObject><text x="600" y="129" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Start provisioning</text></switch></g></g><g><rect x="610" y="160" width="140" height="30" fill="none" stroke="none" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 138px; height: 1px; padding-top: 175px; margin-left: 611px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Create shoot CR</div></div></div></foreignObject><text x="680" y="179" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Create shoot CR</text></switch></g></g><g/><g><ellipse cx="620" cy="297" rx="20" ry="20" fill="rgb(255, 255, 255)" 
stroke="rgb(0, 0, 0)" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 38px; height: 1px; padding-top: 297px; margin-left: 601px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">4</div></div></div></foreignObject><text x="620" y="301" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">4</text></switch></g></g><g><path d="M 499.5 235 L 499.5 245 L 435 245 L 435 435 L 815 435 L 815 304.54 L 804.5 304.54 L 820 279.54 L 835.5 304.54 L 825 304.54 L 825 445 L 425 445 L 425 235 Z" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="1.42" pointer-events="all"/><path d="M 815 304.54 L 804.5 304.54 L 820 279.54 L 835.5 304.54 L 825 304.54" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="4" pointer-events="all"/></g><g><ellipse cx="389" cy="310" rx="20" ry="20" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 38px; height: 1px; padding-top: 310px; margin-left: 370px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; 
overflow-wrap: normal;">5</div></div></div></foreignObject><text x="389" y="314" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">5</text></switch></g></g><g><rect x="359" y="330" width="60" height="30" fill="none" stroke="none" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 58px; height: 1px; padding-top: 345px; margin-left: 360px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Fetch kubeconfig</div></div></div></foreignObject><text x="389" y="349" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Fetch kube...</text></switch></g></g><g><path d="M 360 40 L 480 40 L 480 108 Q 450 86.4 420 108 Q 390 129.6 360 108 L 360 52 Z" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 68px; margin-left: 361px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Runtime CRD contains details of the 
cluster</div></div></div></foreignObject><text x="420" y="72" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Runtime CRD contains...</text></switch></g></g><g><path d="M 480 460 L 670 460 L 670 545 Q 622.5 518 575 545 Q 527.5 572 480 545 L 480 475 Z" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 188px; height: 1px; padding-top: 495px; margin-left: 481px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">RuntimeKubeconfig CRD contains data needed to fetch kubeconfig. 
<b> </b></div></div></div></foreignObject><text x="575" y="499" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">RuntimeKubeconfig CRD contains...</text></switch></g></g><g><rect x="550" y="10" width="170" height="30" fill="none" stroke="none" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 168px; height: 1px; padding-top: 25px; margin-left: 551px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 16px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Kyma Control Plane</div></div></div></foreignObject><text x="635" y="30" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="16px" text-anchor="middle">Kyma Control Plane</text></switch></g></g><g><rect x="475" y="340" width="170" height="60" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 168px; height: 1px; padding-top: 370px; margin-left: 476px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">RuntimeKubeconfig CR</div></div></div></foreignObject><text x="560" y="374" fill="rgb(0, 0, 0)" 
font-family="Helvetica" font-size="12px" text-anchor="middle">RuntimeKubeconfig CR</text></switch></g></g><g><rect x="330" y="130" width="180" height="60" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="" style="overflow: visible; text-align: left;"><div xmlns="" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 178px; height: 1px; padding-top: 160px; margin-left: 331px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Runtime CR</div></div></div></foreignObject><text x="420" y="164" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Runtime CR</text></switch></g></g><g/></g><switch><g requiredFeatures=""/><a transform="translate(0,-5)" xlink:href="" target="_blank"><text text-anchor="middle" font-size="10px" x="50%" y="100%">Text is not SVG - cannot display</text></a></switch></svg>
\ No newline at end of file
diff --git a/docs/adr/assets/runtime-examples/aws-freemium.yaml b/docs/adr/assets/runtime-examples/aws-freemium.yaml
index 874a0203..0a938793 100644
--- a/docs/adr/assets/runtime-examples/aws-freemium.yaml
+++ b/docs/adr/assets/runtime-examples/aws-freemium.yaml
@@ -10,6 +10,7 @@ metadata: subAccount-id shoot-name region
+ platform-region kymaName
   name: runtime-id
   namespace: kcp-system
diff --git a/docs/adr/assets/runtime-examples/aws-minimal.yaml b/docs/adr/assets/runtime-examples/aws-minimal.yaml
index 7b6a76fb..df882352 100644
--- a/docs/adr/assets/runtime-examples/aws-minimal.yaml
+++ b/docs/adr/assets/runtime-examples/aws-minimal.yaml
@@ -10,6 +10,7 @@ metadata: subAccount-id shoot-name region
+ platform-region kymaName
   name: runtime-id
   namespace: kcp-system
diff --git a/docs/adr/assets/runtime-examples/aws-trial.yaml b/docs/adr/assets/runtime-examples/aws-trial.yaml
index f5397bba..afb7909d 100644
--- a/docs/adr/assets/runtime-examples/aws-trial.yaml
+++ b/docs/adr/assets/runtime-examples/aws-trial.yaml
@@ -10,6 +10,7 @@ metadata: subAccount-id shoot-name region
+ platform-region kymaName
   name: runtime-id
   namespace: kcp-system
diff --git a/docs/adr/assets/runtime-examples/aws.yaml b/docs/adr/assets/runtime-examples/aws.yaml
index 5f06a280..7f00d576 100644
--- a/docs/adr/assets/runtime-examples/aws.yaml
+++ b/docs/adr/assets/runtime-examples/aws.yaml
@@ -10,6 +10,7 @@ metadata: subAccount-id shoot-name region
+ platform-region kymaName
   name: runtime-id
   namespace: kcp-system
diff --git a/docs/adr/assets/runtime-examples/azure-fremium.yaml b/docs/adr/assets/runtime-examples/azure-fremium.yaml
index ef8d8867..e503843b 100644
--- a/docs/adr/assets/runtime-examples/azure-fremium.yaml
+++ b/docs/adr/assets/runtime-examples/azure-fremium.yaml
@@ -10,6 +10,7 @@ metadata: subAccount-id shoot-name region
+ platform-region kymaName
   name: runtime-id
   namespace: kcp-system
diff --git a/docs/adr/assets/runtime-examples/azure-lite.yaml b/docs/adr/assets/runtime-examples/azure-lite.yaml
index 64886014..1b405683 100644
--- a/docs/adr/assets/runtime-examples/azure-lite.yaml
+++ b/docs/adr/assets/runtime-examples/azure-lite.yaml
@@ -10,6 +10,7 @@ metadata: subAccount-id shoot-name region
+ platform-region kymaName
   name: runtime-id
   namespace: kcp-system
diff --git a/docs/adr/assets/runtime-examples/azure.yaml b/docs/adr/assets/runtime-examples/azure.yaml
index b910b7fe..efe49305 100644
--- a/docs/adr/assets/runtime-examples/azure.yaml
+++ b/docs/adr/assets/runtime-examples/azure.yaml
@@ -10,6 +10,7 @@ metadata: subAccount-id shoot-name region
+ platform-region kymaName
   name: runtime-id
   namespace: kcp-system
diff --git a/docs/adr/assets/runtime-examples/gcp.yaml b/docs/adr/assets/runtime-examples/gcp.yaml
index 04a5d329..175e57d0 100644
--- a/docs/adr/assets/runtime-examples/gcp.yaml
+++ b/docs/adr/assets/runtime-examples/gcp.yaml
@@ -10,6 +10,7 @@ metadata: subAccount-id shoot-name region
+ platform-region kymaName
   name: runtime-id
   namespace: kcp-system
diff --git a/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml b/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
index 51915f39..bfa45b4b 100644
--- a/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
+++ b/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
@@ -10,6 +10,7 @@ metadata: subAccount-id shoot-name region
+ platform-region kymaName
   name: runtime-id
   namespace: kcp-system
diff --git a/docs/adr/ b/docs/adr/
index 115c9113..ff3dfd20 100644
--- a/docs/adr/
+++ b/docs/adr/
@@ -9,28 +9,40 @@ The following picture shows the agreed architecture:
 > Note: at the time of writing the `GardenerCluster` CR is used for generating kubeconfig. The [workplan]( for delivering provisioning functionality includes renaming the CR to maintain consistency.
 The following assumptions were taken:
-- KEB has the following responsibilities:
-    - Creating `Runtime` CR containing the following data:
-      - Provider config (type, region, and secret with credentials for hyperscaler)
-      - Worker pool specification
-      - Cluster networking settings (nodes, pods, and services API ranges)
-      - OIDC settings
-      - Cluster administrators list
-      - Egress network filter settings
-      - Control Plane failure tolerance config
-    - Observing status of the CR to determine whether provisioning succeeded
-- Kyma Infrastructure Manager has the following responsibilities:
-    - Creating shoots based on:
-      - Corresponding `Runtime` CR properties
-      - Predefined defaults for the optional properties:
-        - Kubernetes version
-        - Machine image version
-      - Predefined configuration for the following extensions:
-        - DNS 
-        - Certificates
-    - Upgrading, and deleting shoots for corresponding `Runtime` CRs
-    - Applying audit log configuration on the shoot resource
-    - Generating kubeconfig
+- Kyma Environment Broker should not contain all the details of the cluster infrastructure.
+- Kyma Infrastructure Manager's API should expose properties that:
+  - can be set in the BTP cockpit by the user
+  - are directly related to plans in the KEB
+- Kyma Infrastructure Manager's API should not expose properties that are:
+  - hardcoded in the Provisioner, or the KEB
+  - statically configured in the management-plane-config
+The Kyma Environment Broker has the following responsibilities:  
+- Creating `Runtime` CR containing the following data:
+    - Provider config (type, region, and secret with credentials for hyperscaler)
+    - Worker pool specification
+    - Cluster networking settings (nodes, pods, and services API ranges)
+    - OIDC settings
+    - Cluster administrators list
+    - Egress network filter settings
+    - Control Plane failure tolerance config
+  - Observing status of the CR to determine whether provisioning succeeded
+ The Kyma Infrastructure Manager has the following responsibilities:
+- Creating shoots based on:
+   - Corresponding `Runtime` CR properties
+   - Corresponding `Runtime` CR labels:
+     -  `` for determining if the cluster is located in EU 
+   - Predefined defaults for the optional properties:
+     - Kubernetes version
+     - Machine image version
+   - Predefined configuration for the following functionalities:
+     - configuring DNS extension 
+     - configuring Certificates extension
+     - providing maintenance settings (Kubernetes, and image autoupdates)
+ - Upgrading, and deleting shoots for corresponding `Runtime` CRs
+ - Applying audit log configuration on the shoot resource
+ - Generating kubeconfig
 # API proposal
@@ -46,6 +58,7 @@ Please mind that the `Runtime` CR should contain the following labels: subAccount-id shoot-name region
+ platform-region kymaName

diff --git a/docs/adr/ b/docs/adr/
index ff3dfd20..f9125231 100644
--- a/docs/adr/
+++ b/docs/adr/
@@ -3,7 +3,7 @@ This document defines architecture, and API for the Gardener cluster provisionin
 # Target architecture
-The following picture shows the agreed architecture:
+The following picture shows the proposed architecture:
 > Note: at the time of writing the `GardenerCluster` CR is used for generating kubeconfig. The [workplan]( for delivering provisioning functionality includes renaming the CR to maintain consistency.

 docs/adr/ | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/adr/ b/docs/adr/
index f9125231..c1b2bbc1 100644
--- a/docs/adr/
+++ b/docs/adr/
@@ -26,7 +26,7 @@ The Kyma Environment Broker has the following responsibilities:
     - Cluster administrators list
     - Egress network filter settings
     - Control Plane failure tolerance config
-  - Observing status of the CR to determine whether provisioning succeeded
+- Observing status of the CR to determine whether provisioning succeeded
  The Kyma Infrastructure Manager has the following responsibilities:
 - Creating shoots based on:

 docs/adr/ | 46 ++++++++++++++++++++--------------------
 1 file changed, 23 insertions(+), 23 deletions(-)

diff --git a/docs/adr/ b/docs/adr/
index c1b2bbc1..38fb3649 100644
--- a/docs/adr/
+++ b/docs/adr/
@@ -1,24 +1,24 @@
 # Introduction
-This document defines architecture, and API for the Gardener cluster provisioning functionality.
+This document defines the architecture and API for the Gardener cluster provisioning functionality.
 # Target architecture
-The following picture shows the proposed architecture:
+The following diagram shows the proposed architecture:
-> Note: at the time of writing the `GardenerCluster` CR is used for generating kubeconfig. The [workplan]( for delivering provisioning functionality includes renaming the CR to maintain consistency.
+> Note: At the time of writing, the GardenerCluster CR was used to generate kubeconfig. The [workplan]( for delivering provisioning functionality includes renaming the CR to maintain consistency.
 The following assumptions were taken:
-- Kyma Environment Broker should not contain all the details of the cluster infrastructure.
-- Kyma Infrastructure Manager's API should expose properties that:
+- Kyma Environment Broker must not contain all the details of the cluster infrastructure.
+- Kyma Infrastructure Manager's API must expose properties that:
   - can be set in the BTP cockpit by the user
   - are directly related to plans in the KEB
-- Kyma Infrastructure Manager's API should not expose properties that are:
+- Kyma Infrastructure Manager's API must not expose properties that are:
   - hardcoded in the Provisioner, or the KEB
   - statically configured in the management-plane-config
-The Kyma Environment Broker has the following responsibilities:  
-- Creating `Runtime` CR containing the following data:
+Kyma Environment Broker has the following responsibilities:  
+- Create Runtime CR containing the following data:
     - Provider config (type, region, and secret with credentials for hyperscaler)
     - Worker pool specification
     - Cluster networking settings (nodes, pods, and services API ranges)
@@ -26,10 +26,10 @@ The Kyma Environment Broker has the following responsibilities:
     - Cluster administrators list
     - Egress network filter settings
     - Control Plane failure tolerance config
-- Observing status of the CR to determine whether provisioning succeeded
+- Observe the status of the CR to determine whether provisioning succeeded
- The Kyma Infrastructure Manager has the following responsibilities:
-- Creating shoots based on:
+ Kyma Infrastructure Manager has the following responsibilities:
+- Create shoots based on:
    - Corresponding `Runtime` CR properties
    - Corresponding `Runtime` CR labels:
      -  `` for determining if the cluster is located in EU 
@@ -40,15 +40,15 @@ The Kyma Environment Broker has the following responsibilities:
      - configuring DNS extension 
      - configuring Certificates extension
      - providing maintenance settings (Kubernetes, and image autoupdates)
- - Upgrading, and deleting shoots for corresponding `Runtime` CRs
- - Applying audit log configuration on the shoot resource
- - Generating kubeconfig
+ - Upgrade and delete shoots for the corresponding `Runtime` CRs
+ - Apply the audit log configuration on the shoot resource
+ - Generate the kubeconfig
 # API proposal
 ## CR examples
-Please mind that the `Runtime` CR should contain the following labels:
+MInd that the Runtime CR must contain the following labels:
 ```yaml instance-id runtime-id
@@ -64,7 +64,7 @@ Please mind that the `Runtime` CR should contain the following labels:
 The labels are skipped in the following examples due to clarity.
-The example below shows the CR that should be created by the KEB to provision AWS production cluster:
+The example below shows the CR that must be created by the KEB to provision the AWS production cluster:
 kind: Runtime
@@ -133,13 +133,13 @@ spec:
 There are some additional optional fields that could be specified:
-- `spec.shoot.kubernetes.version` ; if not provided default value will be read by the KIM from configuration
-- `spec.shoot.workers.machine.image` ; if not provided default value will be read by the KIM from configuration
-- `spec.shoot.kubernetes.kubeAPIServer.additionalOidcConfig` ; if not provided, no addition OIDC provider will be configured
-- `` ; if not provided, some hardcoded name will be used
-- `` ; if not provided `false` value will be used
+- `spec.shoot.kubernetes.version` ; if not provided, the default value will be read by the KIM from the configuration
+- `spec.shoot.workers.machine.image` ; if not provided, the default value will be read by the KIM from the configuration
+- `spec.shoot.kubernetes.kubeAPIServer.additionalOidcConfig` ; if not provided, no additional OIDC provider will be configured
+- `` ; if not provided, a hardcoded name will be used
+- `` ; if not provided, the `false` value will be used
-The following example shows what `Runtime` CR should be created to provision a cluster with additional OIDC provider, and ingress network filtering enabled:
+The following example shows the Runtime CR that must be created to provision a cluster with an additional OIDC provider and to enable ingress network filtering:
 kind: Runtime
@@ -235,7 +235,7 @@ spec:
 > Note: please mind that the additional OIDC providers, and ingress network filtering will not be implemented in the first release.
-Please, see the following examples to understand what CRs need to be created for particular KEB plans:
+Please see the following examples to understand what CRs must be created for particular KEB plans:
 - [AWS trial plan](assets/runtime-examples/aws-trial.yaml)
 - [Azure](assets/runtime-examples/azure.yaml)
 - [Azure lite](assets/runtime-examples/azure-lite.yaml)

   namespace: kcp-system
-    # Set by the KEB, required
+    # is required
     name: shoot-name
-    # Set by the KEB, required
+    # spec.shoot.purpose is required
     purpose: evaluation
+    # spec.shoot.region is required
+    region: eu-central-1
+    # spec.shoot.secretBindingName is required
+    secretBindingName: "hyperscaler secret"
-        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is provided by the KEB, required
+        # spec.shoot.kubernetes.kubeAPIServer.oidcConfig is required
           clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
           groupsClaim: groups
@@ -31,56 +35,52 @@ spec:
             - RS256
           usernameClaim: sub
-      ## Provided by the KEB, required
       type: aws
-      ## Provided by the KEB, required
-      region: eu-central-1
-      # Provided by the KEB, required.
-      # We must consider whether it makes sense to move HAP into KIM
-      secretBindingName: "hyperscaler secret"
+    # spec.shoot.Networking is required
-    # spec.shoot.controlPlane is provided by the KEB, required
+    # spec.shoot.controlPlane is required
           type: zone
       - machine:
-          # Set by the KEB, required
+          # spec.shoot.workers.machine.type is required
           type: m5.xlarge
-          # Optional, when not provider default will be used
+          # spec.shoot.workers.machine.image is optional, when not provider default will be used
           # Will be modified by the SRE
             name: gardenlinux
             version: 1312.3.0
-        # Provided by the KEB, required for the first release
-        # Finally can be moved into KIM, as it is hardcoded in KEB
+        # spec.shoot.workers.volume is required for the first release
+        # Probably can be moved into KIM, as it is hardcoded in KEB, and not dependent on plan
           type: gp2
           size: 50Gi
-        # Provided by the KEB, required
+        # spec.shoot.workers.zones is required
           - eu-central-1a
-        # Optional, if not provided default will be used
+        # is optional, if not provided default will be used
         name: cpu-worker-0
-        # Provided by the KEB, required
+        # spec.shoot.workers.minimum is required
         minimum: 1
-        # Provided by the KEB, required
+        # spec.shoot.workers.maximum is required
         maximum: 1
-        # Provided by the KEB, required in the first release.
-        # It can be optional removed in the future, as it equals to zone count
+        # spec.shoot.workers.maxSurge is required in the first release.
+        # It can be optional in the future, as it equals to zone count
         maxSurge: 1
-        # Provided by the KEB, required in the first release.
+        # spec.shoot.workers.maxUnavailable is required in the first release.
+        # It can be optional in the future, as it is always set to 0
         maxUnavailable:  0
-        # is provided by the KEB, required
+        # is required
           enabled: false
-    # Provided by the KEB, required
+    # is required
\ No newline at end of file
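Review bot: The rewritten comment for `spec.shoot.workers.machine.image` still reads "when not provider default will be used". It should read `# spec.shoot.workers.machine.image is optional, when not provided default will be used`. The same wording appears unchanged in the context lines above `name: gardenlinux` in the later example hunks, so it is worth correcting in all of them in one pass. The worker entry these comments describe starts before this hunk.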
   namespace: kcp-system
-    # is set by the KEB, required
+    # is required
     name: shoot-name
-    # spec.shoot.purpose is set by the KEB, required
+    # spec.shoot.purpose is required
     purpose: production
+    # spec.shoot.region is required
+    region: eu-central-1
+    # spec.shoot.secretBindingName is required
+    secretBindingName: "hyperscaler secret"
-        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is provided by the KEB, required
+        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is required
           clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
           groupsClaim: groups
@@ -32,44 +36,41 @@ spec:
           usernameClaim: sub
       type: aws
-      region: eu-central-1
-      # We must consider whether it makes sense to move HAP into KIM
-      secretBindingName: "hyperscaler secret"
-    # spec.shoot.Networking is Provided by the KEB, required
+    # spec.shoot.Networking is required
-    # spec.shoot.controlPlane is provided by the KEB, required
+    # spec.shoot.controlPlane is required
           type: node
       - machine:
-          # spec.shoot.workers.machine.type provided by the KEB, required
+          # spec.shoot.workers.machine.type is required
           type: m6i.large
-        # spec.shoot.workers.zones is provided by the KEB, required
+        # spec.shoot.workers.zones is required
           - eu-central-1a
           - eu-central-1b
           - eu-central-1c
-        # spec.shoot.workers.minimum is provided by the KEB, required
+        # spec.shoot.workers.minimum is required
         minimum: 3
-        # spec.shoot.workers.maximum is provided by the KEB, required
+        # spec.shoot.workers.maximum is required
         maximum: 20
-        # spec.shoot.workers.maxSurge is provided by the KEB, required in the first release.
+        # spec.shoot.workers.maxSurge is required in the first release.
         # It can be optional in the future, as it equals to zone count
         maxSurge: 3
-        # spec.shoot.workers.maxUnavailable is provided by the KEB, required in the first release.
+        # spec.shoot.workers.maxUnavailable is required in the first release.
         # It can be optional in the future, as it is always set to 0
         maxUnavailable:  0
-        # is provided by the KEB, required
+        # is required
           enabled: false
-    # is provided by the KEB, required
+    # is required
\ No newline at end of file
   namespace: kcp-system
-    # is set by the KEB, required
+    # is required
     name: shoot-name
-    # spec.shoot.purpose is set by the KEB, required
+    # spec.shoot.purpose is required
     purpose: evaluation
+    # spec.shoot.region is required
+    region: eu-central-1
+    # spec.shoot.secretBindingName is required
+    secretBindingName: "hyperscaler secret"
-        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is provided by the KEB, required
+        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is required
           clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
           groupsClaim: groups
@@ -32,42 +36,39 @@ spec:
           usernameClaim: sub
       type: aws
-      region: eu-central-1
-      # We must consider whether it makes sense to move HAP into KIM
-      secretBindingName: "hyperscaler secret"
-    # spec.shoot.Networking is Provided by the KEB, required
+    # spec.shoot.Networking is required
-    # spec.shoot.controlPlane is provided by the KEB, required
+    # spec.shoot.controlPlane is required
           type: zone
       - machine:
-          # spec.shoot.workers.machine.type provided by the KEB, required
+          # spec.shoot.workers.machine.type is required
           type: mx5.large
-        # spec.shoot.workers.zones is provided by the KEB, required
+        # spec.shoot.workers.zones is required
           - eu-central-1a
-        # spec.shoot.workers.minimum is provided by the KEB, required
+        # spec.shoot.workers.minimum is required
         minimum: 1
-        # spec.shoot.workers.maximum is provided by the KEB, required
+        # spec.shoot.workers.maximum is required
         maximum: 1
-        # spec.shoot.workers.maxSurge is provided by the KEB, required in the first release.
+        # spec.shoot.workers.maxSurge is required in the first release.
         # It can be optional in the future, as it equals to zone count
         maxSurge: 1
-        # spec.shoot.workers.maxUnavailable is provided by the KEB, required in the first release.
+        # spec.shoot.workers.maxUnavailable is required in the first release.
         # It can be optional in the future, as it is always set to 0
         maxUnavailable:  0
-        # is provided by the KEB, required
+        # is required
           enabled: false
-    # is provided by the KEB, required
+    # is required
\ No newline at end of file
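Review bot: `type: mx5.large` under `- machine:` does not look like an AWS machine type, although the provider in this hunk is `type: aws` with zone `eu-central-1a`. The commit rewrites the comment directly above it (`# spec.shoot.workers.machine.type is required`) but leaves the value as is. Presumably `type: m5.large` was meant; please confirm against the plan defaults in the KEB before changing it. A CR copied from this example would otherwise carry a required field with a value the provider is unlikely to accept. The same value appears in the later hunk whose control plane uses `type: node`.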
   namespace: kcp-system
-    # is set by the KEB, required
+    # is required
     name: shoot-name
-    # spec.shoot.purpose is set by the KEB, required
+    # spec.shoot.purpose is required
     purpose: production
-    # Will be modified by the SRE
+    # spec.shoot.region is required
+    region: eu-central-1
+    # spec.shoot.secretBindingName is required
+    secretBindingName: "hyperscaler secret"
       # spec.shoot.kubernetes.version is optional, when not provided default will be used
+      # Will be modified by the SRE
       version: "1.28.7"
-        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is provided by the KEB, required
+        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is required
           clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
           groupsClaim: groups
@@ -33,7 +37,7 @@ spec:
           - RS256
           usernameClaim: sub
-        ## spec.shoot.kubernetes.kubeAPIServer.additionalOidcConfig is provided by the KEB, optional, not implemented in the first KIM release
+        # spec.shoot.kubernetes.kubeAPIServer.additionalOidcConfig is optional, not implemented in the first KIM release
           - clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
             groupsClaim: groups
@@ -42,61 +46,59 @@ spec:
               - RS256
             usernameClaim: sub
             usernamePrefix: 'someother'
-    ## spec.shoot.provider is provided by the KEB, required
+    ## spec.shoot.provider is required
       type: aws
-      region: eu-central-1
-      secretBindingName: "hyperscaler secret"
-    # spec.shoot.Networking is Provided by the KEB, required
+    # spec.shoot.Networking is required
-    # spec.shoot.controlPlane is provided by the KEB, required
+    # spec.shoot.controlPlane is required
           type: zone
       - machine:
-          # spec.shoot.workers.machine.type provided by the KEB, required
+          # spec.shoot.workers.machine.type is required
           type: m6i.large
           # spec.shoot.workers.machine.image is optional, when not provider default will be used
           # Will be modified by the SRE
             name: gardenlinux
             version: 1312.3.0
-        # spec.shoot.workers.volume is provided by the KEB, required for the first release
+        # spec.shoot.workers.volume is required for the first release
         # Probably can be moved into KIM, as it is hardcoded in KEB, and not dependent on plan
           type: gp2
           size: 50Gi
-        # spec.shoot.workers.zones is provided by the KEB, required
+        # spec.shoot.workers.zones is required
           - eu-central-1a
           - eu-central-1b
           - eu-central-1c
-        # is provided by the KEB. Optional, if not provided default will be used
+        # is optional, if not provided default will be used
         name: cpu-worker-0
-        # spec.shoot.workers.minimum is provided by the KEB, required
+        # spec.shoot.workers.minimum is required
         minimum: 3
-        # spec.shoot.workers.maximum is provided by the KEB, required
+        # spec.shoot.workers.maximum is required
         maximum: 20
-        # spec.shoot.workers.maxSurge is provided by the KEB, required in the first release.
+        # spec.shoot.workers.maxSurge is required in the first release.
         # It can be optional in the future, as it equals to zone count
         maxSurge: 3
-        # spec.shoot.workers.maxUnavailable is provided by the KEB, required in the first release.
+        # spec.shoot.workers.maxUnavailable is required in the first release.
         # It can be optional in the future, as it is always set to 0
         maxUnavailable:  0
-        # is provided by the KEB, required
+        # is required
           enabled: false
-        # will be provided by the KEB, optional (default=false)
+        # is optional (default=false), not implemented in the first KIM release
           enabled: true
-    # is provided by the KEB, required
+    # is required
\ No newline at end of file
   namespace: kcp-system
-    # is set by the KEB, required
+    # is set required
     name: shoot-name
-    # spec.shoot.purpose is set by the KEB, required
+    # spec.shoot.purpose is required
     purpose: evaluation
+    # spec.shoot.region is required
+    region: eu-central-1
+    # spec.shoot.secretBindingName is required
+    secretBindingName: "hyperscaler secret"
-        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is provided by the KEB, required
+        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is required
           clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
           groupsClaim: groups
@@ -32,42 +36,39 @@ spec:
           usernameClaim: sub
       type: aws
-      region: eu-central-1
-      # We must consider whether it makes sense to move HAP into KIM
-      secretBindingName: "hyperscaler secret"
-    # spec.shoot.Networking is Provided by the KEB, required
+    # spec.shoot.Networking is required
-    # spec.shoot.controlPlane is provided by the KEB, required
+    # spec.shoot.controlPlane is required
           type: node
       - machine:
-          # spec.shoot.workers.machine.type provided by the KEB, required
+          # spec.shoot.workers.machine.type is required
           type: mx5.large
-        # spec.shoot.workers.zones is provided by the KEB, required
+        # spec.shoot.workers.zones is required
           - eu-central-1a
-        # spec.shoot.workers.minimum is provided by the KEB, required
+        # spec.shoot.workers.minimum is required
         minimum: 1
-        # spec.shoot.workers.maximum is provided by the KEB, required
+        # spec.shoot.workers.maximum is required
         maximum: 1
-        # spec.shoot.workers.maxSurge is provided by the KEB, required in the first release.
+        # spec.shoot.workers.maxSurge is required in the first release.
         # It can be optional in the future, as it equals to zone count
         maxSurge: 1
-        # spec.shoot.workers.maxUnavailable is provided by the KEB, required in the first release.
+        # spec.shoot.workers.maxUnavailable is required in the first release.
         # It can be optional in the future, as it is always set to 0
         maxUnavailable:  0
-        # is provided by the KEB, required
+        # is required
           enabled: false
-    # is provided by the KEB, required
+    # is required
\ No newline at end of file
   namespace: kcp-system
-    # is set by the KEB, required
+    # is required
     name: shoot-name
-    # spec.shoot.purpose is set by the KEB, required
+    # spec.shoot.purpose is required
     purpose: production
+    # spec.shoot.region is required
+    region: eastus
+    # spec.shoot.secretBindingName is required
+    secretBindingName: "hyperscaler secret"
-        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is provided by the KEB, required
+        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is required
           clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
           groupsClaim: groups
@@ -30,57 +34,54 @@ spec:
           - RS256
         usernameClaim: sub
-    ## spec.shoot.provider is provided by the KEB, required
+    # spec.shoot.provider is required
       type: aws
-      region: eastus
-      # We must consider whether it makes sense to move HAP into KIM
-      secretBindingName: "hyperscaler secret"
-    # spec.shoot.Networking is Provided by the KEB, required
+    # spec.shoot.Networking is required
-    # spec.shoot.controlPlane is provided by the KEB, optional, default=nil
+    # spec.shoot.controlPlane is optional, default=nil
           type: node
       - machine:
-          # spec.shoot.workers.machine.type provided by the KEB, required
+          # spec.shoot.workers.machine.type is required
           type: Standard_D4s_v5
           # spec.shoot.workers.machine.image is optional, when not provider default will be used
           # Will be modified by the SRE
             name: gardenlinux
             version: 1312.3.0
-        # spec.shoot.workers.volume is provided by the KEB, required for the first release
+        # spec.shoot.workers.volume is required for the first release
         # Probably can be moved into KIM, as it is hardcoded in KEB, and not dependent on plan
           type: Standard_LRS
           size: 50Gi
-        # spec.shoot.workers.zones is provided by the KEB, required
+        # spec.shoot.workers.zones is required
           - eastus1
-        # is provided by the KEB. Optional, if not provided default will be used
+        # is optional, if not provided default will be used
         name: cpu-worker-0
-        # spec.shoot.workers.minimum is provided by the KEB, required
+        # spec.shoot.workers.minimum is required
         minimum: 2
-        # spec.shoot.workers.maximum is provided by the KEB, required
+        # spec.shoot.workers.maximum is required
         maximum: 10
-        # spec.shoot.workers.maxSurge is provided by the KEB, required in the first release.
+        # spec.shoot.workers.maxSurge is required in the first release.
         # It can be optional in the future, as it equals to zone count
         maxSurge: 1
-        # spec.shoot.workers.maxUnavailable is provided by the KEB, required in the first release.
+        # spec.shoot.workers.maxUnavailable is required in the first release.
         # It can be optional in the future, as it is always set to 0
         maxUnavailable:  0
-        # is provided by the KEB, required
+        # is required
           enabled: false
-    # is provided by the KEB, required
+    # is required
\ No newline at end of file
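Review bot: The provider block keeps `type: aws` while every other value in this hunk is Azure-specific: zone `eastus1`, machine type `Standard_D4s_v5` and volume type `Standard_LRS`. The commit edits the comment directly above it (`# spec.shoot.provider is required`) without touching the value. If this is one of the Azure examples, which the file name outside this hunk would confirm, the line should be `type: azure`. The next example, with zones `eastus1` to `eastus3`, shows the same mismatch. Since provider type together with `secretBindingName` decides which hyperscaler credentials are used, the examples should not pair them inconsistently.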
   namespace: kcp-system
-    # is set by the KEB, required
+    # is required
     name: shoot-name
-    # spec.shoot.purpose is set by the KEB, required
+    # spec.shoot.purpose is required
     purpose: production
+    # spec.shoot.region is required
+    region: eastus
+    # spec.shoot.secretBindingName is required
+    secretBindingName: "hyperscaler secret"
       # spec.shoot.kubernetes.version is optional, when not provided default will be used
       version: "1.28.7"
-        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is provided by the KEB, required
+        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is required
           clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
           groupsClaim: groups
@@ -32,7 +36,7 @@ spec:
             - RS256
           usernameClaim: sub
-        ## spec.shoot.kubernetes.kubeAPIServer.additionalOidcConfig is provided by the KEB, optional, not implemented in the first KIM release
+        ## spec.shoot.kubernetes.kubeAPIServer.additionalOidcConfig is optional, not implemented in the first KIM release
           - clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
             groupsClaim: groups
@@ -41,62 +45,59 @@ spec:
               - RS256
             usernameClaim: sub
             usernamePrefix: 'someother'
-    ## spec.shoot.provider is provided by the KEB, required
+    ## spec.shoot.provider is required
       type: aws
-      region: eastus
-      # We must consider whether it makes sense to move HAP into KIM
-      secretBindingName: "hyperscaler secret"
-    # spec.shoot.Networking is Provided by the KEB, required
+    # spec.shoot.Networking is required
-    # spec.shoot.controlPlane is provided by the KEB, required
+    # spec.shoot.controlPlane is required
           type: zone
       - machine:
-          # spec.shoot.workers.machine.type provided by the KEB, required
+          # spec.shoot.workers.machine.type provided is required
           type: Standard_D2s_v5
           # spec.shoot.workers.machine.image is optional, when not provider default will be used
           # Will be modified by the SRE
             name: gardenlinux
             version: 1312.3.0
-        # spec.shoot.workers.volume is provided by the KEB, required for the first release
+        # spec.shoot.workers.volume is required for the first release
         # Probably can be moved into KIM, as it is hardcoded in KEB, and not dependent on plan
           type: Standard_LRS
           size: 50Gi
-        # spec.shoot.workers.zones is provided by the KEB, required
+        # spec.shoot.workers.zones is required
           - eastus1
           - eastus2
           - eastus3
-        # is provided by the KEB. Optional, if not provided default will be used
+        # is optional, if not provided default will be used
         name: cpu-worker-0
-        # spec.shoot.workers.minimum is provided by the KEB, required
+        # spec.shoot.workers.minimum is required
         minimum: 3
-        # spec.shoot.workers.maximum is provided by the KEB, required
+        # spec.shoot.workers.maximum is required
         maximum: 20
-        # spec.shoot.workers.maxSurge is provided by the KEB, required in the first release.
+        # spec.shoot.workers.maxSurge is required in the first release.
         # It can be optional in the future, as it equals to zone count
         maxSurge: 3
-        # spec.shoot.workers.maxUnavailable is provided by the KEB, required in the first release.
+        # spec.shoot.workers.maxUnavailable is required in the first release.
         # It can be optional in the future, as it is always set to 0
         maxUnavailable:  0
-        # is provided by the KEB, required
+        # is required
           enabled: false
-        # will be provided by the KEB, optional (default=false)
+        # is optional (default=false)
           enabled: true
-    # is provided by the KEB, required
+    # is required
\ No newline at end of file
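Review bot: The rewritten comment above `type: Standard_D2s_v5` keeps a stray word and now reads `spec.shoot.workers.machine.type provided is required`. The same comment in the other example files changed by this commit was reduced to the clean form, so this one should match: `# spec.shoot.workers.machine.type is required`. The file header for this hunk is not visible on the page, so the file is identified only by its Azure machine and volume types.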
   namespace: kcp-system
-    # is set by the KEB, required
+    # is required
     name: shoot-name
-    # spec.shoot.purpose is set by the KEB, required
+    # spec.shoot.purpose is required
     purpose: production
+    # spec.shoot.region is required
+    region: europe-west3
+    # spec.shoot.secretBindingName is required
+    secretBindingName: "hyperscaler secret"
       # spec.shoot.kubernetes.version is optional, when not provided default will be used
       version: "1.28.7"
-        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is provided by the KEB, required
+        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is required
           clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
           groupsClaim: groups
@@ -32,7 +36,7 @@ spec:
             - RS256
           usernameClaim: sub
-        ## spec.shoot.kubernetes.kubeAPIServer.additionalOidcConfig is provided by the KEB, optional, not implemented in the first KIM release
+        ## spec.shoot.kubernetes.kubeAPIServer.additionalOidcConfig is optional, not implemented in the first KIM release
           - clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
             groupsClaim: groups
@@ -41,62 +45,59 @@ spec:
               - RS256
             usernameClaim: sub
             usernamePrefix: 'someother'
-    ## spec.shoot.provider is provided by the KEB, required
+    ## spec.shoot.provider is required
       type: aws
-      region: europe-west3
-      # We must consider whether it makes sense to move HAP into KIM
-      secretBindingName: "hyperscaler secret"
-    # spec.shoot.Networking is Provided by the KEB, required
+    # spec.shoot.Networking is required
-    # spec.shoot.controlPlane is provided by the KEB, optional, default=nil
+    # spec.shoot.controlPlane is optional, default=nil
           type: zone
       - machine:
-          # spec.shoot.workers.machine.type provided by the KEB, required
+          # spec.shoot.workers.machine.type is required
           type: n2-standard-2
           # spec.shoot.workers.machine.image is optional, when not provider default will be used
           # Will be modified by the SRE
             name: gardenlinux
             version: 1312.3.0
-        # spec.shoot.workers.volume is provided by the KEB, required for the first release
+        # spec.shoot.workers.volume is required for the first release
         # Probably can be moved into KIM, as it is hardcoded in KEB, and not dependent on plan
           type: pd-standard
           size: 50Gi
-        # spec.shoot.workers.zones is provided by the KEB, required
+        # spec.shoot.workers.zones is required
           - europe-west3a
           - europe-west3b
           - europe-west3c
-        # is provided by the KEB. Optional, if not provided default will be used
+        # is optional, if not provided default will be used
         name: cpu-worker-0
-        # spec.shoot.workers.minimum is provided by the KEB, required
+        # spec.shoot.workers.minimum is required
         minimum: 3
-        # spec.shoot.workers.maximum is provided by the KEB, required
+        # spec.shoot.workers.maximum is required
         maximum: 20
-        # spec.shoot.workers.maxSurge is provided by the KEB, required in the first release.
+        # spec.shoot.workers.maxSurge is required in the first release.
         # It can be optional in the future, as it equals to zone count
         maxSurge: 3
-        # spec.shoot.workers.maxUnavailable is provided by the KEB, required in the first release.
+        # spec.shoot.workers.maxUnavailable is required in the first release.
         # It can be optional in the future, as it is always set to 0
         maxUnavailable:  0
-        # is provided by the KEB, required
+        # is required
           enabled: false
-        # will be provided by the KEB, optional (default=false)
+        # is optional (default=false)
           enabled: true
-    # is provided by the KEB, required
+    # is required
\ No newline at end of file
   namespace: kcp-system
-    # is set by the KEB, required
+    # is required
     name: shoot-name
-    # spec.shoot.purpose is set by the KEB, required
+    # spec.shoot.purpose is required
     purpose: production
+    # spec.shoot.region is required
+    region: eu-de-1
+    # spec.shoot.secretBindingName is required
+    secretBindingName: "hyperscaler secret"
       # spec.shoot.kubernetes.version is optional, when not provided default will be used
       version: "1.28.7"
-        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is provided by the KEB, required
+        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is required
           clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
           groupsClaim: groups
@@ -32,7 +36,7 @@ spec:
             - RS256
           usernameClaim: sub
-        ## spec.shoot.kubernetes.kubeAPIServer.additionalOidcConfig is provided by the KEB, optional, not implemented in the first KIM release
+        ## spec.shoot.kubernetes.kubeAPIServer.additionalOidcConfig is optional, not implemented in the first KIM release
           - clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
             groupsClaim: groups
@@ -41,25 +45,22 @@ spec:
               - RS256
             usernameClaim: sub
             usernamePrefix: 'someother'
-    ## spec.shoot.provider is provided by the KEB, required
+    ## spec.shoot.provider is required
       type: openstack
-      region: eu-de-1
-      # We must consider whether it makes sense to move HAP into KIM
-      secretBindingName: "hyperscaler secret"
-    # spec.shoot.Networking is Provided by the KEB, required
+    # spec.shoot.Networking is required
-    # spec.shoot.controlPlane is provided by the KEB, required
+    # spec.shoot.controlPlane is required
           type: zone
       - machine:
-          # spec.shoot.workers.machine.type provided by the KEB, required
+          # spec.shoot.workers.machine.type is required
           type: g_c2_m8
           # spec.shoot.workers.machine.image is optional, when not provider default will be used
           # Will be modified by the SRE
@@ -72,27 +73,27 @@ spec:
           - eu-de-1a
           - eu-de-1b
           - eu-de-1d
-        # is provided by the KEB. Optional, if not provided default will be used
+        # is optional, if not provided default will be used
         name: cpu-worker-0
-        # spec.shoot.workers.minimum is provided by the KEB, required
+        # spec.shoot.workers.minimum is required
         minimum: 3
-        # spec.shoot.workers.maximum is provided by the KEB, required
+        # spec.shoot.workers.maximum is required
         maximum: 20
-        # spec.shoot.workers.maxSurge is provided by the KEB, required in the first release.
+        # spec.shoot.workers.maxSurge is required in the first release.
         # It can be optional in the future, as it equals to zone count
         maxSurge: 3
-        # spec.shoot.workers.maxUnavailable is provided by the KEB, required in the first release.
+        # spec.shoot.workers.maxUnavailable is required in the first release.
         # It can be optional in the future, as it is always set to 0
         maxUnavailable:  0
-        # is provided by the KEB, required
+        # is required
           enabled: false
-        # will be provided by the KEB, optional (default=false)
+        # is optional (default=false)
           enabled: true
-    # is provided by the KEB, required
+    # is required
   namespace: kcp-system
-    # is set by the KEB, required
+    # is required
     name: shoot-name
-    # spec.shoot.purpose is set by the KEB, required
+    # spec.shoot.purpose is required
     purpose: production
+    # spec.shoot.region is required
+    region: eu-central-1
+    # spec.shoot.secretBindingName is required
+    secretBindingName: "hyperscaler secret"
-        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is provided by the KEB, required
+        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is required
           clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
           groupsClaim: groups
@@ -87,47 +91,44 @@ spec:
             - RS256
           usernameClaim: sub
-    # spec.shoot.provider is provided by the KEB, required
       type: aws
-      region: eu-central-1
-      secretBindingName: "hyperscaler secret"
-    # spec.shoot.Networking is Provided by the KEB, required
+    # spec.shoot.Networking is required
-    # spec.shoot.controlPlane is provided by the KEB, required
+    # spec.shoot.controlPlane is required
           type: node
       - machine:
-          # spec.shoot.workers.machine.type provided by the KEB, required
+          # spec.shoot.workers.machine.type is required
           type: m6i.large
-        # spec.shoot.workers.zones is provided by the KEB, required
+        # spec.shoot.workers.zones is required
           - eu-central-1a
           - eu-central-1b
           - eu-central-1c
-        # spec.shoot.workers.minimum is provided by the KEB, required
+        # spec.shoot.workers.minimum is required
         minimum: 3
-        # spec.shoot.workers.maximum is provided by the KEB, required
+        # spec.shoot.workers.maximum is required
         maximum: 20
-        # spec.shoot.workers.maxSurge is provided by the KEB, required in the first release.
+        # spec.shoot.workers.maxSurge is required in the first release.
         # It can be optional in the future, as it equals to zone count
         maxSurge: 3
-        # spec.shoot.workers.maxUnavailable is provided by the KEB, required in the first release.
+        # spec.shoot.workers.maxUnavailable is required in the first release.
         # It can be optional in the future, as it is always set to 0
         maxUnavailable:  0
-        # is provided by the KEB, required
+        # is required
           enabled: false
-    # is provided by the KEB, required
+    # is required
@@ -148,16 +149,20 @@ metadata:
   namespace: kcp-system
-    # is set by the KEB, required
+    # is required
     name: shoot-name
-    # spec.shoot.purpose is set by the KEB, required
+    # spec.shoot.purpose is required
     purpose: production
-    # Will be modified by the SRE
+    # spec.shoot.region is required
+    region: eu-central-1
+    # spec.shoot.secretBindingName is required
+    secretBindingName: "hyperscaler secret"
       # spec.shoot.kubernetes.version is optional, when not provided default will be used
+      # Will be modified by the SRE
       version: "1.28.7"
-        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is provided by the KEB, required
+        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is required
           clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
           groupsClaim: groups
@@ -165,7 +170,7 @@ spec:
           - RS256
           usernameClaim: sub
-        ## spec.shoot.kubernetes.kubeAPIServer.additionalOidcConfig is provided by the KEB, optional, not implemented in the first KIM release
+        # spec.shoot.kubernetes.kubeAPIServer.additionalOidcConfig is optional, not implemented in the first KIM release
           - clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
             groupsClaim: groups
@@ -174,62 +179,60 @@ spec:
               - RS256
             usernameClaim: sub
             usernamePrefix: 'someother'
-    # spec.shoot.provider is provided by the KEB, required
+    ## spec.shoot.provider is required
       type: aws
-      region: eu-central-1
-      secretBindingName: "hyperscaler secret"
-    # spec.shoot.Networking is Provided by the KEB, required
+    # spec.shoot.Networking is required
-    # spec.shoot.controlPlane is provided by the KEB, required
+    # spec.shoot.controlPlane is required
-          type: node
+          type: zone
       - machine:
-          # spec.shoot.workers.machine.type provided by the KEB, required
+          # spec.shoot.workers.machine.type is required
           type: m6i.large
           # spec.shoot.workers.machine.image is optional, when not provider default will be used
           # Will be modified by the SRE
             name: gardenlinux
             version: 1312.3.0
-        # spec.shoot.workers.volume is provided by the KEB, required for the first release
+        # spec.shoot.workers.volume is required for the first release
         # Probably can be moved into KIM, as it is hardcoded in KEB, and not dependent on plan
           type: gp2
           size: 50Gi
-        # spec.shoot.workers.zones is provided by the KEB, required
+        # spec.shoot.workers.zones is required
           - eu-central-1a
           - eu-central-1b
           - eu-central-1c
-        # is provided by the KEB. Optional, if not provided default will be used
+        # is optional, if not provided default will be used
         name: cpu-worker-0
-        # spec.shoot.workers.minimum is provided by the KEB, required
+        # spec.shoot.workers.minimum is required
         minimum: 3
-        # spec.shoot.workers.maximum is provided by the KEB, required
+        # spec.shoot.workers.maximum is required
         maximum: 20
-        # spec.shoot.workers.maxSurge is provided by the KEB, required in the first release.
+        # spec.shoot.workers.maxSurge is required in the first release.
         # It can be optional in the future, as it equals to zone count
         maxSurge: 3
-        # spec.shoot.workers.maxUnavailable is provided by the KEB, required in the first release.
+        # spec.shoot.workers.maxUnavailable is required in the first release.
         # It can be optional in the future, as it is always set to 0
         maxUnavailable:  0
-        # is provided by the KEB, required
+        # is required
           enabled: false
-        # will be provided by the KEB, optional (default=false)
+        # is optional (default=false), not implemented in the first KIM release
           enabled: true
-    # is provided by the KEB, required
+    # is required
@@ -250,6 +253,7 @@ package v1
 import (
 	gardener ""
 	metav1 ""
+	""
 type Runtime struct {
@@ -266,18 +270,20 @@ type RuntimeSpec struct {
 type Shoot struct {
-	Name       string             `json:"name"`
-	Purpose    string             `json:"purpose"`
-	Kubernetes Kubernetes         `json:"kubernetes"`
-	Provider   Provider           `json:"provider"`
-	Networking Networking         `json:"networking"`
-	Workers    *[]gardener.Worker `json:"workers,omitempty"`
+	Name              string             `json:"name"`
+	Purpose           string             `json:"purpose"`
+	Region            string             `json:"region"`
+	SecretBindingName string             `json:"secretBindingName"`
+	Kubernetes        Kubernetes         `json:"kubernetes"`
+	Provider          Provider           `json:"provider"`
+	Networking        Networking         `json:"networking"`
+	Workers           *[]gardener.Worker `json:"workers,omitempty"`
 type Provider struct {
-	Type              string `json:"type"`
-	Region            string `json:"region"`
-	SecretBindingName string `json:"secretBindingName"`
+	Type                 string                `json:"type"`
+	ControlPlaneConfig   *runtime.RawExtension `json:"controlPlaneConfig,omitempty"`
+	InfrastructureConfig *runtime.RawExtension `json:"infrastructureConfig,omitempty"`
 type Networking struct {
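Review bot: The two new `Provider` fields are `*runtime.RawExtension` tagged `omitempty`, so the provider-specific payload is opaque to the type and may be absent, and nothing in this hunk says who checks it. Because this payload carries the cluster's network layout and control-plane settings, the design should state that a payload whose `kind`/`apiVersion` does not match `Type` is rejected rather than passed on unchecked; where it is passed on to is not shown here. A doc comment on each field would record that, for example `// InfrastructureConfig is the provider-specific infrastructure payload; it must be validated against Type before use`. The struct definitions appear without their closing lines, and `Networking` continues outside the hunk.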

From af9a219ce00fa515d95033f099469bc5e317a53e Mon Sep 17 00:00:00 2001
From: Arkadiusz Galwas <>
Date: Fri, 10 May 2024 08:34:59 +0200
Subject: [PATCH 33/49] Added Provider Specific Config to the examples

 .../assets/runtime-examples/aws-freemium.yaml | 18 ++++++++++++-
 .../assets/runtime-examples/aws-minimal.yaml  | 24 +++++++++++++++++
 .../assets/runtime-examples/aws-trial.yaml    | 18 ++++++++++++-
 docs/adr/assets/runtime-examples/aws.yaml     | 26 ++++++++++++++++++-
 .../runtime-examples/azure-fremium.yaml       | 19 +++++++++++++-
 .../assets/runtime-examples/azure-lite.yaml   | 19 +++++++++++++-
 docs/adr/assets/runtime-examples/azure.yaml   | 26 +++++++++++++++++--
 docs/adr/assets/runtime-examples/gcp.yaml     | 14 +++++++++-
 .../runtime-examples/sap-converged-cloud.yaml | 12 +++++++++
 9 files changed, 168 insertions(+), 8 deletions(-)

diff --git a/docs/adr/assets/runtime-examples/aws-freemium.yaml b/docs/adr/assets/runtime-examples/aws-freemium.yaml
index 70067d62..2dfa5323 100644
--- a/docs/adr/assets/runtime-examples/aws-freemium.yaml
+++ b/docs/adr/assets/runtime-examples/aws-freemium.yaml
@@ -36,6 +36,22 @@ spec:
           usernameClaim: sub
       type: aws
+      # spec.shoot.provider.controlPlaneConfig is required
+      controlPlaneConfig:
+        apiVersion:
+        kind: ControlPlaneConfig
+      # spec.shoot.provider.infrastructureConfig is required
+      infrastructureConfig:
+        kind: InfrastructureConfig
+        apiVersion:
+        networks:
+          vpc:
+            cidr:
+          zones:
+            - name: eu-central-1b
+              internal:
+              public:
+              workers:
     # spec.shoot.Networking is required
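Review bot: The added comments call `controlPlaneConfig` and `infrastructureConfig` required, but the `Provider` struct introduced earlier in this series declares both as pointers tagged `omitempty`, which makes them optional in the API type. The examples and the type should agree: either the struct drops `omitempty` for these fields, or the comments become `# spec.shoot.provider.controlPlaneConfig is optional` and `# spec.shoot.provider.infrastructureConfig is optional`. The same "is required" wording is added in the other example files of this commit (aws-minimal, aws-trial, aws, the three Azure files, gcp and sap-converged-cloud).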
@@ -62,7 +78,7 @@ spec:
           size: 50Gi
         # spec.shoot.workers.zones is required
-          - eu-central-1a
+          - eu-central-1b
         # is optional, if not provided default will be used
         name: cpu-worker-0
         # spec.shoot.workers.minimum is required
diff --git a/docs/adr/assets/runtime-examples/aws-minimal.yaml b/docs/adr/assets/runtime-examples/aws-minimal.yaml
index 6c4bf1f0..fd3f09e6 100644
--- a/docs/adr/assets/runtime-examples/aws-minimal.yaml
+++ b/docs/adr/assets/runtime-examples/aws-minimal.yaml
@@ -36,6 +36,30 @@ spec:
           usernameClaim: sub
       type: aws
+      # spec.shoot.provider.controlPlaneConfig is required
+      controlPlaneConfig:
+        apiVersion:
+        kind: ControlPlaneConfig
+      # spec.shoot.provider.infrastructureConfig is required
+      infrastructureConfig:
+        apiVersion:
+        kind: InfrastructureConfig
+        networks:
+          vpc:
+            cidr:
+          zones:
+            - internal:
+              name: eu-central-1c
+              public:
+              workers:
+            - internal:
+              name: eu-central-1b
+              public:
+              workers:
+            - internal:
+              name: eu-central-1a
+              public:
+              workers:
     # spec.shoot.Networking is required
diff --git a/docs/adr/assets/runtime-examples/aws-trial.yaml b/docs/adr/assets/runtime-examples/aws-trial.yaml
index 1f4517d1..636bd871 100644
--- a/docs/adr/assets/runtime-examples/aws-trial.yaml
+++ b/docs/adr/assets/runtime-examples/aws-trial.yaml
@@ -36,6 +36,22 @@ spec:
           usernameClaim: sub
       type: aws
+      # spec.shoot.provider.controlPlaneConfig is required
+      controlPlaneConfig:
+        apiVersion:
+        kind: ControlPlaneConfig
+      # spec.shoot.provider.infrastructureConfig is required
+      infrastructureConfig:
+        kind: InfrastructureConfig
+        apiVersion:
+        networks:
+          vpc:
+            cidr:
+          zones:
+            - name: eu-central-1b
+              internal:
+              public:
+              workers:
     # spec.shoot.Networking is required
@@ -52,7 +68,7 @@ spec:
           type: mx5.large
         # spec.shoot.workers.zones is required
-          - eu-central-1a
+          - eu-central-1b
         # spec.shoot.workers.minimum is required
         minimum: 1
         # spec.shoot.workers.maximum is required
diff --git a/docs/adr/assets/runtime-examples/aws.yaml b/docs/adr/assets/runtime-examples/aws.yaml
index bf75089d..8fb3fe78 100644
--- a/docs/adr/assets/runtime-examples/aws.yaml
+++ b/docs/adr/assets/runtime-examples/aws.yaml
@@ -46,9 +46,33 @@ spec:
               - RS256
             usernameClaim: sub
             usernamePrefix: 'someother'
-    ## spec.shoot.provider is required
+      ## spec.shoot.provider.type is required
       type: aws
+      # spec.shoot.provider.controlPlaneConfig is required
+      controlPlaneConfig:
+        apiVersion:
+        kind: ControlPlaneConfig
+      # spec.shoot.provider.infrastructureConfig is required
+      infrastructureConfig:
+        apiVersion:
+        kind: InfrastructureConfig
+        networks:
+          vpc:
+            cidr:
+          zones:
+            - internal:
+              name: eu-central-1c
+              public:
+              workers:
+            - internal:
+              name: eu-central-1b
+              public:
+              workers:
+            - internal:
+              name: eu-central-1a
+              public:
+              workers:
     # spec.shoot.Networking is required
diff --git a/docs/adr/assets/runtime-examples/azure-fremium.yaml b/docs/adr/assets/runtime-examples/azure-fremium.yaml
index ffd75ea8..d61da7b0 100644
--- a/docs/adr/assets/runtime-examples/azure-fremium.yaml
+++ b/docs/adr/assets/runtime-examples/azure-fremium.yaml
@@ -35,7 +35,24 @@ spec:
             - RS256
           usernameClaim: sub
-      type: aws
+      type: azure
+      # spec.shoot.controlPlaneConfig is required
+      controlPlaneConfig:
+        apiVersion:
+        kind: ControlPlaneConfig
+      # spec.shoot.provider.infrastructureConfig is required
+      infrastructureConfig:
+        apiVersion:
+        kind: InfrastructureConfig
+        networks:
+          vnet:
+            cidr:
+          zones:
+            - cidr:
+              name: 1
+              natGateway:
+                enabled: true
+                idleConnectionTimeoutMinutes: 4
     # spec.shoot.Networking is required
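Review bot: The comment added above `controlPlaneConfig` gives the path as `spec.shoot.controlPlaneConfig`, but the key sits at the same indentation as `type: azure`, which places it under `provider`. It should read `# spec.shoot.provider.controlPlaneConfig is required`, as the AWS examples and azure.yaml in this commit have it. The same shortened path is added in azure-lite.yaml, and in gcp.yaml for both `controlPlaneConfig` and `infrastructureConfig`.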
diff --git a/docs/adr/assets/runtime-examples/azure-lite.yaml b/docs/adr/assets/runtime-examples/azure-lite.yaml
index f214560e..a2fbcc4d 100644
--- a/docs/adr/assets/runtime-examples/azure-lite.yaml
+++ b/docs/adr/assets/runtime-examples/azure-lite.yaml
@@ -36,7 +36,24 @@ spec:
         usernameClaim: sub
     # spec.shoot.provider is required
-      type: aws
+      type: azure
+      # spec.shoot.controlPlaneConfig is required
+      controlPlaneConfig:
+        apiVersion:
+        kind: ControlPlaneConfig
+      # spec.shoot.provider.infrastructureConfig is required
+      infrastructureConfig:
+        apiVersion:
+        kind: InfrastructureConfig
+        networks:
+          vnet:
+            cidr:
+          zones:
+            - cidr:
+              name: 1
+              natGateway:
+                enabled: true
+                idleConnectionTimeoutMinutes: 4
     # spec.shoot.Networking is required
diff --git a/docs/adr/assets/runtime-examples/azure.yaml b/docs/adr/assets/runtime-examples/azure.yaml
index 383dff61..7496755e 100644
--- a/docs/adr/assets/runtime-examples/azure.yaml
+++ b/docs/adr/assets/runtime-examples/azure.yaml
@@ -45,9 +45,31 @@ spec:
               - RS256
             usernameClaim: sub
             usernamePrefix: 'someother'
-    ## spec.shoot.provider is required
+    # spec.shoot.provider is required
-      type: aws
+      type: azure
+      # spec.shoot.provider.controlPlaneConfig is required
+      controlPlaneConfig:
+        apiVersion:
+        kind: ControlPlaneConfig
+      # spec.shoot.provider.infrastructureConfig is required
+      infrastructureConfig:
+        apiVersion:
+        kind: InfrastructureConfig
+        networks:
+          vnet:
+            cidr:
+          zones:
+            - cidr:
+              name: 1
+              natGateway:
+                enabled: true
+                idleConnectionTimeoutMinutes: 4
+            - cidr:
+              name: 2
+              natGateway:
+                enabled: true
+                idleConnectionTimeoutMinutes: 4
     # spec.shoot.Networking is required
diff --git a/docs/adr/assets/runtime-examples/gcp.yaml b/docs/adr/assets/runtime-examples/gcp.yaml
index 6f3b5a38..e7ca9076 100644
--- a/docs/adr/assets/runtime-examples/gcp.yaml
+++ b/docs/adr/assets/runtime-examples/gcp.yaml
@@ -47,7 +47,19 @@ spec:
             usernamePrefix: 'someother'
     ## spec.shoot.provider is required
-      type: aws
+      type: gcp
+      # spec.shoot.controlPlaneConfig is required
+      controlPlaneConfig:
+        apiVersion:
+        kind: ControlPlaneConfig
+        zone: us-central1-b
+      # spec.shoot.infrastructureConfig is required
+      infrastructureConfig:
+        apiVersion:
+        kind: InfrastructureConfig
+        networks:
+          worker:
+          workers:
     # spec.shoot.Networking is required
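Review bot: The control-plane `zone: us-central1-b` lies in a different region from the `europe-west3` region and worker zones that an earlier patch on this page sets in what looks like this same GCP example; that earlier hunk has no visible file header, so the match is inferred. If it is the same file, the example describes a control plane outside the shoot's region, which a reader copying it would carry into a real manifest. The zone should be one of the listed worker zones, e.g. `zone: europe-west3a` in the spelling the example already uses.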
diff --git a/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml b/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
index 74ccaab5..1ad714fa 100644
--- a/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
+++ b/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
@@ -48,6 +48,18 @@ spec:
     ## spec.shoot.provider is required
       type: openstack
+      # spec.shoot.provider.controlPlaneConfig is required
+      controlPlaneConfig:
+        apiVersion:
+        kind: ControlPlaneConfig
+        loadBalancerProvider: f5
+      # spec.shoot.provider.infrastructureConfig is required
+      infrastructureConfig:
+        apiVersion:
+        floatingPoolName: FloatingIP-external-kyma-01
+        kind: InfrastructureConfig
+        networks:
+          workers:
     # spec.shoot.Networking is required

From b379f6355ece741c6b43c989441394aa56674e1c Mon Sep 17 00:00:00 2001
From: Arkadiusz Galwas <>
Date: Fri, 10 May 2024 08:56:07 +0200
Subject: [PATCH 34/49] Licence type added

 docs/adr/assets/runtime-examples/aws-trial.yaml  | 2 ++
 docs/adr/assets/runtime-examples/azure-lite.yaml | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/docs/adr/assets/runtime-examples/aws-trial.yaml b/docs/adr/assets/runtime-examples/aws-trial.yaml
index 636bd871..35db3cd1 100644
--- a/docs/adr/assets/runtime-examples/aws-trial.yaml
+++ b/docs/adr/assets/runtime-examples/aws-trial.yaml
@@ -20,6 +20,8 @@ spec:
     name: shoot-name
     # spec.shoot.purpose is required
     purpose: evaluation
+    # spec.shoot.licenceType is optional, default=nil
+    licenceType: "TestDevelopmentAndDemo"
     # spec.shoot.region is required
     region: eu-central-1
     # spec.shoot.secretBindingName is required
diff --git a/docs/adr/assets/runtime-examples/azure-lite.yaml b/docs/adr/assets/runtime-examples/azure-lite.yaml
index a2fbcc4d..f44d90cb 100644
--- a/docs/adr/assets/runtime-examples/azure-lite.yaml
+++ b/docs/adr/assets/runtime-examples/azure-lite.yaml
@@ -22,6 +22,8 @@ spec:
     purpose: production
     # spec.shoot.region is required
     region: eastus
+    # spec.shoot.licenceType is optional, default=nil
+    licenceType: "TestDevelopmentAndDemo"
     # spec.shoot.secretBindingName is required
     secretBindingName: "hyperscaler secret"

From a3267a8a0201a6a3beebfcdbfecdf83650a36f56 Mon Sep 17 00:00:00 2001
From: Arkadiusz Galwas <>
Date: Fri, 10 May 2024 09:35:08 +0200
Subject: [PATCH 35/49] Optional seedName added

 .../assets/runtime-examples/aws-freemium.yaml |  1 +
 .../assets/runtime-examples/aws-minimal.yaml  |  3 +-
 .../assets/runtime-examples/aws-trial.yaml    |  3 +-
 docs/adr/assets/runtime-examples/aws.yaml     |  6 +-
 .../runtime-examples/azure-fremium.yaml       |  3 +-
 .../assets/runtime-examples/azure-lite.yaml   |  3 +-
 docs/adr/assets/runtime-examples/azure.yaml   |  7 ++-
 docs/adr/assets/runtime-examples/gcp.yaml     |  9 ++-
 .../runtime-examples/sap-converged-cloud.yaml |  9 ++-
 docs/adr/                      | 62 ++++++++++++++++++-
 10 files changed, 89 insertions(+), 17 deletions(-)

diff --git a/docs/adr/assets/runtime-examples/aws-freemium.yaml b/docs/adr/assets/runtime-examples/aws-freemium.yaml
index 2dfa5323..a4e0e00f 100644
--- a/docs/adr/assets/runtime-examples/aws-freemium.yaml
+++ b/docs/adr/assets/runtime-examples/aws-freemium.yaml
@@ -35,6 +35,7 @@ spec:
             - RS256
           usernameClaim: sub
+      # spec.shoot.provider.type is required
       type: aws
       # spec.shoot.provider.controlPlaneConfig is required
diff --git a/docs/adr/assets/runtime-examples/aws-minimal.yaml b/docs/adr/assets/runtime-examples/aws-minimal.yaml
index fd3f09e6..a2a67ccd 100644
--- a/docs/adr/assets/runtime-examples/aws-minimal.yaml
+++ b/docs/adr/assets/runtime-examples/aws-minimal.yaml
@@ -26,7 +26,7 @@ spec:
     secretBindingName: "hyperscaler secret"
-        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is required
+        # spec.shoot.kubernetes.kubeAPIServer.oidcConfig is required
           clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
           groupsClaim: groups
@@ -35,6 +35,7 @@ spec:
             - RS256
           usernameClaim: sub
+      # spec.shoot.provider.type is required
       type: aws
       # spec.shoot.provider.controlPlaneConfig is required
diff --git a/docs/adr/assets/runtime-examples/aws-trial.yaml b/docs/adr/assets/runtime-examples/aws-trial.yaml
index 35db3cd1..b1067f8d 100644
--- a/docs/adr/assets/runtime-examples/aws-trial.yaml
+++ b/docs/adr/assets/runtime-examples/aws-trial.yaml
@@ -28,7 +28,7 @@ spec:
     secretBindingName: "hyperscaler secret"
-        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is required
+        # spec.shoot.kubernetes.kubeAPIServer.oidcConfig is required
           clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
           groupsClaim: groups
@@ -37,6 +37,7 @@ spec:
             - RS256
           usernameClaim: sub
+      # spec.shoot.provider.type is required
       type: aws
       # spec.shoot.provider.controlPlaneConfig is required
diff --git a/docs/adr/assets/runtime-examples/aws.yaml b/docs/adr/assets/runtime-examples/aws.yaml
index 8fb3fe78..c6e420e6 100644
--- a/docs/adr/assets/runtime-examples/aws.yaml
+++ b/docs/adr/assets/runtime-examples/aws.yaml
@@ -20,6 +20,8 @@ spec:
     name: shoot-name
     # spec.shoot.purpose is required
     purpose: production
+    # spec.shoot.seedName is optional, default=nil
+    seedName: aws-ha-eu1
     # spec.shoot.region is required
     region: eu-central-1
     # spec.shoot.secretBindingName is required
@@ -29,7 +31,7 @@ spec:
       # Will be modified by the SRE
       version: "1.28.7"
-        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is required
+        # spec.shoot.kubernetes.kubeAPIServer.oidcConfig is required
           clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
           groupsClaim: groups
@@ -47,7 +49,7 @@ spec:
             usernameClaim: sub
             usernamePrefix: 'someother'
-      ## spec.shoot.provider.type is required
+      # spec.shoot.provider.type is required
       type: aws
       # spec.shoot.provider.controlPlaneConfig is required
diff --git a/docs/adr/assets/runtime-examples/azure-fremium.yaml b/docs/adr/assets/runtime-examples/azure-fremium.yaml
index d61da7b0..2b0cda29 100644
--- a/docs/adr/assets/runtime-examples/azure-fremium.yaml
+++ b/docs/adr/assets/runtime-examples/azure-fremium.yaml
@@ -26,7 +26,7 @@ spec:
     secretBindingName: "hyperscaler secret"
-        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is required
+        # spec.shoot.kubernetes.kubeAPIServer.oidcConfig is required
           clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
           groupsClaim: groups
@@ -35,6 +35,7 @@ spec:
             - RS256
           usernameClaim: sub
+      # spec.shoot.provider.type is required
       type: azure
       # spec.shoot.controlPlaneConfig is required
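Review bot: The new comment `# spec.shoot.provider.type is required` lands directly above an existing comment that gives a sibling field without the `provider` segment, `# spec.shoot.controlPlaneConfig is required`. The AWS examples in this commit write that path as `spec.shoot.provider.controlPlaneConfig`, so the two comments in this hunk now disagree on where the provider block's fields live. Since this commit is already normalising these comments, I would change the line to `# spec.shoot.provider.controlPlaneConfig is required`; the same context line appears in the azure-lite.yaml and gcp.yaml hunks.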
diff --git a/docs/adr/assets/runtime-examples/azure-lite.yaml b/docs/adr/assets/runtime-examples/azure-lite.yaml
index f44d90cb..7535f5b9 100644
--- a/docs/adr/assets/runtime-examples/azure-lite.yaml
+++ b/docs/adr/assets/runtime-examples/azure-lite.yaml
@@ -28,7 +28,7 @@ spec:
     secretBindingName: "hyperscaler secret"
-        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is required
+        # spec.shoot.kubernetes.kubeAPIServer.oidcConfig is required
           clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
           groupsClaim: groups
@@ -38,6 +38,7 @@ spec:
         usernameClaim: sub
     # spec.shoot.provider is required
+      # spec.shoot.provider.type is required
       type: azure
       # spec.shoot.controlPlaneConfig is required
diff --git a/docs/adr/assets/runtime-examples/azure.yaml b/docs/adr/assets/runtime-examples/azure.yaml
index 7496755e..ab09fa7b 100644
--- a/docs/adr/assets/runtime-examples/azure.yaml
+++ b/docs/adr/assets/runtime-examples/azure.yaml
@@ -20,6 +20,8 @@ spec:
     name: shoot-name
     # spec.shoot.purpose is required
     purpose: production
+    # spec.shoot.seedName is optional, default=nil
+    seedName: az-ha-us2
     # spec.shoot.region is required
     region: eastus
     # spec.shoot.secretBindingName is required
@@ -28,7 +30,7 @@ spec:
       # spec.shoot.kubernetes.version is optional, when not provided default will be used
       version: "1.28.7"
-        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is required
+        # spec.shoot.kubernetes.kubeAPIServer.oidcConfig is required
           clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
           groupsClaim: groups
@@ -36,7 +38,7 @@ spec:
             - RS256
           usernameClaim: sub
-        ## spec.shoot.kubernetes.kubeAPIServer.additionalOidcConfig is optional, not implemented in the first KIM release
+        # spec.shoot.kubernetes.kubeAPIServer.additionalOidcConfig is optional, not implemented in the first KIM release
           - clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
             groupsClaim: groups
@@ -47,6 +49,7 @@ spec:
             usernamePrefix: 'someother'
     # spec.shoot.provider is required
+      # spec.shoot.provider.type is required
       type: azure
       # spec.shoot.provider.controlPlaneConfig is required
diff --git a/docs/adr/assets/runtime-examples/gcp.yaml b/docs/adr/assets/runtime-examples/gcp.yaml
index e7ca9076..de49dfbb 100644
--- a/docs/adr/assets/runtime-examples/gcp.yaml
+++ b/docs/adr/assets/runtime-examples/gcp.yaml
@@ -20,6 +20,8 @@ spec:
     name: shoot-name
     # spec.shoot.purpose is required
     purpose: production
+    # spec.shoot.seedName is optional, default=nil
+    seedName: gcp-ha-us1
     # spec.shoot.region is required
     region: europe-west3
     # spec.shoot.secretBindingName is required
@@ -28,7 +30,7 @@ spec:
       # spec.shoot.kubernetes.version is optional, when not provided default will be used
       version: "1.28.7"
-        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is required
+        # spec.shoot.kubernetes.kubeAPIServer.oidcConfig is required
           clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
           groupsClaim: groups
@@ -36,7 +38,7 @@ spec:
             - RS256
           usernameClaim: sub
-        ## spec.shoot.kubernetes.kubeAPIServer.additionalOidcConfig is optional, not implemented in the first KIM release
+        # spec.shoot.kubernetes.kubeAPIServer.additionalOidcConfig is optional, not implemented in the first KIM release
           - clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
             groupsClaim: groups
@@ -45,8 +47,9 @@ spec:
               - RS256
             usernameClaim: sub
             usernamePrefix: 'someother'
-    ## spec.shoot.provider is required
+    # spec.shoot.provider is required
+      # spec.shoot.provider.type is required
       type: gcp
       # spec.shoot.controlPlaneConfig is required
diff --git a/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml b/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
index 1ad714fa..9dcbadd7 100644
--- a/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
+++ b/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
@@ -20,6 +20,8 @@ spec:
     name: shoot-name
     # spec.shoot.purpose is required
     purpose: production
+    # spec.shoot.region is optional, default=nil
+    seedName: cc-ha-eu1
     # spec.shoot.region is required
     region: eu-de-1
     # spec.shoot.secretBindingName is required
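Review bot: The comment added above `seedName: cc-ha-eu1` names the wrong field. It reads `# spec.shoot.region is optional, default=nil`, and two lines later the existing comment says `# spec.shoot.region is required`, so the example contradicts itself about `region` and leaves `seedName` undocumented. It should read `# spec.shoot.seedName is optional, default=nil`, matching the aws.yaml, azure.yaml and gcp.yaml hunks of this commit.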
@@ -28,7 +30,7 @@ spec:
       # spec.shoot.kubernetes.version is optional, when not provided default will be used
       version: "1.28.7"
-        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is required
+        # spec.shoot.kubernetes.kubeAPIServer.oidcConfig is required
           clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
           groupsClaim: groups
@@ -36,7 +38,7 @@ spec:
             - RS256
           usernameClaim: sub
-        ## spec.shoot.kubernetes.kubeAPIServer.additionalOidcConfig is optional, not implemented in the first KIM release
+        # spec.shoot.kubernetes.kubeAPIServer.additionalOidcConfig is optional, not implemented in the first KIM release
           - clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
             groupsClaim: groups
@@ -45,8 +47,9 @@ spec:
               - RS256
             usernameClaim: sub
             usernamePrefix: 'someother'
-    ## spec.shoot.provider is required
+    # spec.shoot.provider is required
+      # spec.shoot.provider.type is required
       type: openstack
       # spec.shoot.provider.controlPlaneConfig is required
diff --git a/docs/adr/ b/docs/adr/
index f570603e..55b4ed07 100644
--- a/docs/adr/
+++ b/docs/adr/
@@ -21,6 +21,7 @@ Kyma Environment Broker has the following responsibilities:
 - Create Runtime CR containing the following data:
     - Provider config (type, region, and secret with credentials for hyperscaler)
     - Worker pool specification
+    - Provider specific config
     - Cluster networking settings (nodes, pods, and services API ranges)
     - OIDC settings
     - Cluster administrators list
@@ -92,7 +93,32 @@ spec:
             - RS256
           usernameClaim: sub
+      ## spec.shoot.provider.type is required
       type: aws
+      # spec.shoot.provider.controlPlaneConfig is required
+      controlPlaneConfig:
+        apiVersion:
+        kind: ControlPlaneConfig
+      # spec.shoot.provider.infrastructureConfig is required
+      infrastructureConfig:
+        apiVersion:
+        kind: InfrastructureConfig
+        networks:
+          vpc:
+            cidr:
+          zones:
+            - internal:
+              name: eu-central-1c
+              public:
+              workers:
+            - internal:
+              name: eu-central-1b
+              public:
+              workers:
+            - internal:
+              name: eu-central-1a
+              public:
+              workers:
     # spec.shoot.Networking is required
@@ -153,6 +179,8 @@ spec:
     name: shoot-name
     # spec.shoot.purpose is required
     purpose: production
+    # spec.shoot.seedName is optional, default=nil
+    seedName: aws-ha-eu1
     # spec.shoot.region is required
     region: eu-central-1
     # spec.shoot.secretBindingName is required
@@ -168,7 +196,7 @@ spec:
           groupsClaim: groups
-          - RS256
+            - RS256
           usernameClaim: sub
         # spec.shoot.kubernetes.kubeAPIServer.additionalOidcConfig is optional, not implemented in the first KIM release
@@ -179,9 +207,33 @@ spec:
               - RS256
             usernameClaim: sub
             usernamePrefix: 'someother'
-    ## spec.shoot.provider is required
+      ## spec.shoot.provider.type is required
       type: aws
+      # spec.shoot.provider.controlPlaneConfig is required
+      controlPlaneConfig:
+        apiVersion:
+        kind: ControlPlaneConfig
+      # spec.shoot.provider.infrastructureConfig is required
+      infrastructureConfig:
+        apiVersion:
+        kind: InfrastructureConfig
+        networks:
+          vpc:
+            cidr:
+          zones:
+            - internal:
+              name: eu-central-1c
+              public:
+              workers:
+            - internal:
+              name: eu-central-1b
+              public:
+              workers:
+            - internal:
+              name: eu-central-1a
+              public:
+              workers:
     # spec.shoot.Networking is required
@@ -248,7 +300,7 @@ Please see the following examples to understand what CRs must be created for par
 ## API structures
-package v1
+package v2
 import (
 	gardener ""
@@ -273,6 +325,8 @@ type Shoot struct {
 	Name              string             `json:"name"`
 	Purpose           string             `json:"purpose"`
 	Region            string             `json:"region"`
+	SeedName          *string            `json:"seedName,omitempty"`
+	LicenceType       *string            `json:"licenceType,omitempty"`
 	SecretBindingName string             `json:"secretBindingName"`
 	Kubernetes        Kubernetes         `json:"kubernetes"`
 	Provider          Provider           `json:"provider"`
@@ -339,4 +393,6 @@ type RuntimeStatus struct {
 	// +listMapKey=type
 	Conditions []metav1.Condition `json:"conditions,omitempty"`

From 5e598bdb4893deeb3966ae9a5126b703ced5f992 Mon Sep 17 00:00:00 2001
From: Arkadiusz Galwas <>
Date: Fri, 10 May 2024 09:39:36 +0200
Subject: [PATCH 36/49] Adjusted to ADR format

 docs/adr/ | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/docs/adr/ b/docs/adr/
index 55b4ed07..2022448f 100644
--- a/docs/adr/
+++ b/docs/adr/
@@ -1,7 +1,10 @@
-# Introduction
+# Context
 This document defines the architecture and API for the Gardener cluster provisioning functionality.
-# Target architecture
+# Status
+# Decision
 The following diagram shows the proposed architecture:
@@ -45,9 +48,9 @@ Kyma Environment Broker has the following responsibilities:
  - Apply the audit log configuration on the shoot resource
  - Generate the kubeconfig
-# API proposal
+## API proposal
-## CR examples
+### CR examples
 MInd that the Runtime CR must contain the following labels:

From c12ce307dc7aef8bc887808ec2c5c41fa58227d6 Mon Sep 17 00:00:00 2001
From: Arkadiusz Galwas <>
Date: Fri, 10 May 2024 10:42:40 +0200
Subject: [PATCH 37/49] Added information on the additional fields

 docs/adr/ | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/docs/adr/ b/docs/adr/
index 2022448f..3f00643f 100644
--- a/docs/adr/
+++ b/docs/adr/
@@ -163,9 +163,11 @@ spec:
 There are some additional optional fields that could be specified:
+- `spec.shoot.seedName` ; if not provided `nil` value will be used
+- `spec.shoot.seedName.licenceType` ; if not provided `nil` value will be used 
 - `spec.shoot.kubernetes.version` ; if not provided, the default value will be read by the KIM from the configuration
-- `spec.shoot.workers.machine.image` ; if not provided, the default value will be read by the KIM from the configuration
 - `spec.shoot.kubernetes.kubeAPIServer.additionalOidcConfig` ; if not provided, no additional OIDC provider will be configured
+- `spec.shoot.workers.machine.image` ; if not provided, the default value will be read by the KIM from the configuration
 - `` ; if not provided, a hardcoded name will be used
 - `` ; if not provided, the `false` value will be used

From 2a54485d8ae411faddddbae0564d8e56fdcc07eb Mon Sep 17 00:00:00 2001
From: Arkadiusz Galwas <>
Date: Fri, 10 May 2024 10:47:05 +0200
Subject: [PATCH 38/49] File renamed

 docs/adr/{ =>} | 0
 docs/adr/                                | 2 +-
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename docs/adr/{ =>} (100%)

diff --git a/docs/adr/ b/docs/adr/
similarity index 100%
rename from docs/adr/
rename to docs/adr/
diff --git a/docs/adr/ b/docs/adr/
index 8e4669d2..0fb75fd6 100644
--- a/docs/adr/
+++ b/docs/adr/
@@ -4,5 +4,5 @@ This folder contains architecture decision records.
 # Documents
-- [Provisioning functionality](./
+- [Provisioning functionality](./

From 5a52cb38101d7480c14631444f9c1e177c6ab352 Mon Sep 17 00:00:00 2001
From: Arkadiusz Galwas <>
Date: Fri, 10 May 2024 10:56:33 +0200
Subject: [PATCH 39/49] Mentioned creating cluster role bindings

 docs/adr/ | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/adr/ b/docs/adr/
index 3f00643f..0f1d7794 100644
--- a/docs/adr/
+++ b/docs/adr/
@@ -46,6 +46,7 @@ Kyma Environment Broker has the following responsibilities:
      - providing maintenance settings (Kubernetes, and image autoupdates)
  - Upgrade and delete shoots for the corresponding `Runtime` CRs
  - Apply the audit log configuration on the shoot resource
+ - Create cluster role bindings for administrators
  - Generate the kubeconfig
 ## API proposal

From 52234ed773ff0c0477f4dedebd67372f5fb948df Mon Sep 17 00:00:00 2001
From: Arkadiusz Galwas <>
Date: Fri, 10 May 2024 12:27:59 +0200
Subject: [PATCH 40/49] Update docs/adr/

Co-authored-by: Benjamin Somhegyi <>
 docs/adr/ | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/adr/ b/docs/adr/
index 0f1d7794..327dc21d 100644
--- a/docs/adr/
+++ b/docs/adr/
@@ -165,7 +165,7 @@ spec:
 There are some additional optional fields that could be specified:
 - `spec.shoot.seedName` ; if not provided `nil` value will be used
-- `spec.shoot.seedName.licenceType` ; if not provided `nil` value will be used 
+- `spec.shoot.licenceType` ; if not provided `nil` value will be used 
 - `spec.shoot.kubernetes.version` ; if not provided, the default value will be read by the KIM from the configuration
 - `spec.shoot.kubernetes.kubeAPIServer.additionalOidcConfig` ; if not provided, no additional OIDC provider will be configured
 - `spec.shoot.workers.machine.image` ; if not provided, the default value will be read by the KIM from the configuration

From aba00807c748920409c77598ea99045e115b4481 Mon Sep 17 00:00:00 2001
From: Arkadiusz Galwas <>
Date: Fri, 10 May 2024 12:30:28 +0200
Subject: [PATCH 41/49] Removed seed name

 docs/adr/assets/runtime-examples/aws.yaml                 | 2 --
 docs/adr/assets/runtime-examples/azure.yaml               | 2 --
 docs/adr/assets/runtime-examples/gcp.yaml                 | 2 --
 docs/adr/assets/runtime-examples/sap-converged-cloud.yaml | 2 --
 4 files changed, 8 deletions(-)

diff --git a/docs/adr/assets/runtime-examples/aws.yaml b/docs/adr/assets/runtime-examples/aws.yaml
index c6e420e6..1a17b40d 100644
--- a/docs/adr/assets/runtime-examples/aws.yaml
+++ b/docs/adr/assets/runtime-examples/aws.yaml
@@ -20,8 +20,6 @@ spec:
     name: shoot-name
     # spec.shoot.purpose is required
     purpose: production
-    # spec.shoot.seedName is optional, default=nil
-    seedName: aws-ha-eu1
     # spec.shoot.region is required
     region: eu-central-1
     # spec.shoot.secretBindingName is required
diff --git a/docs/adr/assets/runtime-examples/azure.yaml b/docs/adr/assets/runtime-examples/azure.yaml
index ab09fa7b..5ecb2d34 100644
--- a/docs/adr/assets/runtime-examples/azure.yaml
+++ b/docs/adr/assets/runtime-examples/azure.yaml
@@ -20,8 +20,6 @@ spec:
     name: shoot-name
     # spec.shoot.purpose is required
     purpose: production
-    # spec.shoot.seedName is optional, default=nil
-    seedName: az-ha-us2
     # spec.shoot.region is required
     region: eastus
     # spec.shoot.secretBindingName is required
diff --git a/docs/adr/assets/runtime-examples/gcp.yaml b/docs/adr/assets/runtime-examples/gcp.yaml
index de49dfbb..684e8550 100644
--- a/docs/adr/assets/runtime-examples/gcp.yaml
+++ b/docs/adr/assets/runtime-examples/gcp.yaml
@@ -20,8 +20,6 @@ spec:
     name: shoot-name
     # spec.shoot.purpose is required
     purpose: production
-    # spec.shoot.seedName is optional, default=nil
-    seedName: gcp-ha-us1
     # spec.shoot.region is required
     region: europe-west3
     # spec.shoot.secretBindingName is required
diff --git a/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml b/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
index 9dcbadd7..71c65a76 100644
--- a/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
+++ b/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
@@ -20,8 +20,6 @@ spec:
     name: shoot-name
     # spec.shoot.purpose is required
     purpose: production
-    # spec.shoot.region is optional, default=nil
-    seedName: cc-ha-eu1
     # spec.shoot.region is required
     region: eu-de-1
     # spec.shoot.secretBindingName is required

From 7dc7e90ae767e37cc38f9b18760a00f153c4344e Mon Sep 17 00:00:00 2001
From: Arkadiusz Galwas <>
Date: Fri, 10 May 2024 18:26:43 +0200
Subject: [PATCH 42/49] Fixed hierarchy to have the same as in the shoot

 docs/adr/                  | 136 ++++++++++--------
 .../assets/runtime-examples/aws-freemium.yaml |  59 ++++----
 .../assets/runtime-examples/aws-minimal.yaml  |  39 ++---
 .../assets/runtime-examples/aws-trial.yaml    |  35 ++---
 docs/adr/assets/runtime-examples/aws.yaml     |  63 ++++----
 .../runtime-examples/azure-fremium.yaml       |  35 ++---
 .../assets/runtime-examples/azure-lite.yaml   |  59 ++++----
 docs/adr/assets/runtime-examples/azure.yaml   |  63 ++++----
 docs/adr/assets/runtime-examples/gcp.yaml     |  63 ++++----
 .../runtime-examples/sap-converged-cloud.yaml |  55 +++----
 10 files changed, 319 insertions(+), 288 deletions(-)

diff --git a/docs/adr/ b/docs/adr/
index 327dc21d..475ad4a3 100644
--- a/docs/adr/
+++ b/docs/adr/
@@ -74,6 +74,17 @@ The example below shows the CR that must be created by the KEB to provision the
 kind: Runtime
+  labels:
+ instance-id
+ runtime-id
+ plan-id
+ plan-name
+ global-account-id
+ subAccount-id
+ shoot-name
+ region
+ platform-region
+ kymaName
   name: runtime-id
   namespace: kcp-system
@@ -88,7 +99,7 @@ spec:
     secretBindingName: "hyperscaler secret"
-        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is required
+        # spec.shoot.kubernetes.kubeAPIServer.oidcConfig is required
           clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
           groupsClaim: groups
@@ -97,8 +108,28 @@ spec:
             - RS256
           usernameClaim: sub
-      ## spec.shoot.provider.type is required
+      # spec.shoot.provider.type is required
       type: aws
+      # spec.shoot.provider.workers is required
+      workers:
+        - machine:
+            # spec.shoot.workers.machine.type is required
+            type: m6i.large
+          # spec.shoot.workers.zones is required
+          zones:
+            - eu-central-1a
+            - eu-central-1b
+            - eu-central-1c
+          # spec.shoot.workers.minimum is required
+          minimum: 3
+          # spec.shoot.workers.maximum is required
+          maximum: 20
+          # spec.shoot.workers.maxSurge is required in the first release.
+          # It can be optional in the future, as it equals to zone count
+          maxSurge: 3
+          # spec.shoot.workers.maxUnavailable is required in the first release.
+          # It can be optional in the future, as it is always set to 0
+          maxUnavailable: 0
       # spec.shoot.provider.controlPlaneConfig is required
@@ -133,25 +164,6 @@ spec:
           type: node
-    workers:
-      - machine:
-          # spec.shoot.workers.machine.type is required
-          type: m6i.large
-        # spec.shoot.workers.zones is required
-        zones:
-          - eu-central-1a
-          - eu-central-1b
-          - eu-central-1c
-        # spec.shoot.workers.minimum is required
-        minimum: 3
-        # spec.shoot.workers.maximum is required
-        maximum: 20
-        # spec.shoot.workers.maxSurge is required in the first release.
-        # It can be optional in the future, as it equals to zone count
-        maxSurge: 3
-        # spec.shoot.workers.maxUnavailable is required in the first release.
-        # It can be optional in the future, as it is always set to 0
-        maxUnavailable:  0
@@ -177,6 +189,17 @@ The following example shows the Runtime CR that must be created to provision a c
 kind: Runtime
+  labels:
+ instance-id
+ runtime-id
+ plan-id
+ plan-name
+ global-account-id
+ subAccount-id
+ shoot-name
+ region
+ platform-region
+ kymaName
   name: runtime-id
   namespace: kcp-system
@@ -185,8 +208,6 @@ spec:
     name: shoot-name
     # spec.shoot.purpose is required
     purpose: production
-    # spec.shoot.seedName is optional, default=nil
-    seedName: aws-ha-eu1
     # spec.shoot.region is required
     region: eu-central-1
     # spec.shoot.secretBindingName is required
@@ -196,13 +217,13 @@ spec:
       # Will be modified by the SRE
       version: "1.28.7"
-        ## spec.shoot.kubernetes.kubeAPIServer.oidcConfig is required
+        # spec.shoot.kubernetes.kubeAPIServer.oidcConfig is required
           clientID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
           groupsClaim: groups
-            - RS256
+          - RS256
           usernameClaim: sub
         # spec.shoot.kubernetes.kubeAPIServer.additionalOidcConfig is optional, not implemented in the first KIM release
@@ -214,8 +235,40 @@ spec:
             usernameClaim: sub
             usernamePrefix: 'someother'
-      ## spec.shoot.provider.type is required
+      # spec.shoot.provider.type is required
       type: aws
+      # spec.shoot.provider.workers is required
+      workers:
+        - machine:
+            # spec.shoot.workers.machine.type is required
+            type: m6i.large
+            # spec.shoot.workers.machine.image is optional, when not provider default will be used
+            # Will be modified by the SRE
+            image:
+              name: gardenlinux
+              version: 1312.3.0
+          # spec.shoot.workers.volume is required for the first release
+          # Probably can be moved into KIM, as it is hardcoded in KEB, and not dependent on plan
+          volume:
+            type: gp2
+            size: 50Gi
+          # spec.shoot.workers.zones is required
+          zones:
+            - eu-central-1a
+            - eu-central-1b
+            - eu-central-1c
+          # is optional, if not provided default will be used
+          name: cpu-worker-0
+          # spec.shoot.workers.minimum is required
+          minimum: 3
+          # spec.shoot.workers.maximum is required
+          maximum: 20
+          # spec.shoot.workers.maxSurge is required in the first release.
+          # It can be optional in the future, as it equals to zone count
+          maxSurge: 3
+          # spec.shoot.workers.maxUnavailable is required in the first release.
+          # It can be optional in the future, as it is always set to 0
+          maxUnavailable: 0
       # spec.shoot.provider.controlPlaneConfig is required
@@ -250,37 +303,6 @@ spec:
           type: zone
-    workers:
-      - machine:
-          # spec.shoot.workers.machine.type is required
-          type: m6i.large
-          # spec.shoot.workers.machine.image is optional, when not provider default will be used
-          # Will be modified by the SRE
-          image:
-            name: gardenlinux
-            version: 1312.3.0
-        # spec.shoot.workers.volume is required for the first release
-        # Probably can be moved into KIM, as it is hardcoded in KEB, and not dependent on plan
-        volume:
-          type: gp2
-          size: 50Gi
-        # spec.shoot.workers.zones is required
-        zones:
-          - eu-central-1a
-          - eu-central-1b
-          - eu-central-1c
-        # is optional, if not provided default will be used
-        name: cpu-worker-0
-        # spec.shoot.workers.minimum is required
-        minimum: 3
-        # spec.shoot.workers.maximum is required
-        maximum: 20
-        # spec.shoot.workers.maxSurge is required in the first release.
-        # It can be optional in the future, as it equals to zone count
-        maxSurge: 3
-        # spec.shoot.workers.maxUnavailable is required in the first release.
-        # It can be optional in the future, as it is always set to 0
-        maxUnavailable:  0
diff --git a/docs/adr/assets/runtime-examples/aws-freemium.yaml b/docs/adr/assets/runtime-examples/aws-freemium.yaml
index a4e0e00f..9b036258 100644
--- a/docs/adr/assets/runtime-examples/aws-freemium.yaml
+++ b/docs/adr/assets/runtime-examples/aws-freemium.yaml
@@ -37,6 +37,36 @@ spec:
       # spec.shoot.provider.type is required
       type: aws
+      # spec.shoot.provider.workers is required
+      workers:
+        - machine:
+            # spec.shoot.workers.machine.type is required
+            type: m5.xlarge
+            # spec.shoot.workers.machine.image is optional, when not provider default will be used
+            # Will be modified by the SRE
+            image:
+              name: gardenlinux
+              version: 1312.3.0
+          # spec.shoot.workers.volume is required for the first release
+          # Probably can be moved into KIM, as it is hardcoded in KEB, and not dependent on plan
+          volume:
+            type: gp2
+            size: 50Gi
+          # spec.shoot.workers.zones is required
+          zones:
+            - eu-central-1b
+          # is optional, if not provided default will be used
+          name: cpu-worker-0
+          # spec.shoot.workers.minimum is required
+          minimum: 1
+          # spec.shoot.workers.maximum is required
+          maximum: 1
+          # spec.shoot.workers.maxSurge is required in the first release.
+          # It can be optional in the future, as it equals to zone count
+          maxSurge: 1
+          # spec.shoot.workers.maxUnavailable is required in the first release.
+          # It can be optional in the future, as it is always set to 0
+          maxUnavailable: 0
       # spec.shoot.provider.controlPlaneConfig is required
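Review bot: The comments inside the relocated `workers` block still give the pre-move paths (`# spec.shoot.workers.machine.type is required`, `# spec.shoot.workers.zones is required`, and so on). The block now sits under `provider`, and its own header comment reads `# spec.shoot.provider.workers is required`. A reader who takes a field path from these comments gets one that does not match the structure of the example, so I would rewrite them as `# spec.shoot.provider.workers.machine.type is required` and likewise for the remaining fields. The same applies to the added `workers` blocks in the aws-minimal.yaml and aws-trial.yaml hunks and in the two ADR examples of this commit. Separately, "when not provider default will be used" reads as a typo for "when not provided, the default will be used".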
@@ -63,35 +93,6 @@ spec:
           type: zone
-    workers:
-      - machine:
-          # spec.shoot.workers.machine.type is required
-          type: m5.xlarge
-          # spec.shoot.workers.machine.image is optional, when not provider default will be used
-          # Will be modified by the SRE
-          image:
-            name: gardenlinux
-            version: 1312.3.0
-        # spec.shoot.workers.volume is required for the first release
-        # Probably can be moved into KIM, as it is hardcoded in KEB, and not dependent on plan
-        volume:
-          type: gp2
-          size: 50Gi
-        # spec.shoot.workers.zones is required
-        zones:
-          - eu-central-1b
-        # is optional, if not provided default will be used
-        name: cpu-worker-0
-        # spec.shoot.workers.minimum is required
-        minimum: 1
-        # spec.shoot.workers.maximum is required
-        maximum: 1
-        # spec.shoot.workers.maxSurge is required in the first release.
-        # It can be optional in the future, as it equals to zone count
-        maxSurge: 1
-        # spec.shoot.workers.maxUnavailable is required in the first release.
-        # It can be optional in the future, as it is always set to 0
-        maxUnavailable:  0
diff --git a/docs/adr/assets/runtime-examples/aws-minimal.yaml b/docs/adr/assets/runtime-examples/aws-minimal.yaml
index a2a67ccd..72176e4a 100644
--- a/docs/adr/assets/runtime-examples/aws-minimal.yaml
+++ b/docs/adr/assets/runtime-examples/aws-minimal.yaml
@@ -37,6 +37,26 @@ spec:
       # spec.shoot.provider.type is required
       type: aws
+      # spec.shoot.provider.workers is required
+      workers:
+        - machine:
+            # spec.shoot.workers.machine.type is required
+            type: m6i.large
+          # spec.shoot.workers.zones is required
+          zones:
+            - eu-central-1a
+            - eu-central-1b
+            - eu-central-1c
+          # spec.shoot.workers.minimum is required
+          minimum: 3
+          # spec.shoot.workers.maximum is required
+          maximum: 20
+          # spec.shoot.workers.maxSurge is required in the first release.
+          # It can be optional in the future, as it equals to zone count
+          maxSurge: 3
+          # spec.shoot.workers.maxUnavailable is required in the first release.
+          # It can be optional in the future, as it is always set to 0
+          maxUnavailable: 0
       # spec.shoot.provider.controlPlaneConfig is required
@@ -71,25 +91,6 @@ spec:
           type: node
-    workers:
-      - machine:
-          # spec.shoot.workers.machine.type is required
-          type: m6i.large
-        # spec.shoot.workers.zones is required
-        zones:
-          - eu-central-1a
-          - eu-central-1b
-          - eu-central-1c
-        # spec.shoot.workers.minimum is required
-        minimum: 3
-        # spec.shoot.workers.maximum is required
-        maximum: 20
-        # spec.shoot.workers.maxSurge is required in the first release.
-        # It can be optional in the future, as it equals to zone count
-        maxSurge: 3
-        # spec.shoot.workers.maxUnavailable is required in the first release.
-        # It can be optional in the future, as it is always set to 0
-        maxUnavailable:  0
diff --git a/docs/adr/assets/runtime-examples/aws-trial.yaml b/docs/adr/assets/runtime-examples/aws-trial.yaml
index b1067f8d..44ed3041 100644
--- a/docs/adr/assets/runtime-examples/aws-trial.yaml
+++ b/docs/adr/assets/runtime-examples/aws-trial.yaml
@@ -39,6 +39,24 @@ spec:
       # spec.shoot.provider.type is required
       type: aws
+      # spec.shoot.provider.workers is required
+      workers:
+        - machine:
+            # spec.shoot.workers.machine.type is required
+            type: mx5.large
+          # spec.shoot.workers.zones is required
+          zones:
+            - eu-central-1b
+          # spec.shoot.workers.minimum is required
+          minimum: 1
+          # spec.shoot.workers.maximum is required
+          maximum: 1
+          # spec.shoot.workers.maxSurge is required in the first release.
+          # It can be optional in the future, as it equals to zone count
+          maxSurge: 1
+          # spec.shoot.workers.maxUnavailable is required in the first release.
+          # It can be optional in the future, as it is always set to 0
+          maxUnavailable: 0
       # spec.shoot.provider.controlPlaneConfig is required
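Review bot: `type: mx5.large` in the moved worker entry does not look like an AWS instance type name to me. The other AWS examples in this series use `m5.xlarge` and `m6i.large`. The value is carried over unchanged from the removed block, but since this commit rewrites the line anyway, the intended machine type should be confirmed here. If it is meant as a placeholder, a comment such as `# placeholder, replace with the plan's machine type` would keep it from being copied verbatim into a real Runtime CR.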
@@ -65,23 +83,6 @@ spec:
           type: zone
-    workers:
-      - machine:
-          # spec.shoot.workers.machine.type is required
-          type: mx5.large
-        # spec.shoot.workers.zones is required
-        zones:
-          - eu-central-1b
-        # spec.shoot.workers.minimum is required
-        minimum: 1
-        # spec.shoot.workers.maximum is required
-        maximum: 1
-        # spec.shoot.workers.maxSurge is required in the first release.
-        # It can be optional in the future, as it equals to zone count
-        maxSurge: 1
-        # spec.shoot.workers.maxUnavailable is required in the first release.
-        # It can be optional in the future, as it is always set to 0
-        maxUnavailable:  0
diff --git a/docs/adr/assets/runtime-examples/aws.yaml b/docs/adr/assets/runtime-examples/aws.yaml
index 1a17b40d..8022b7d9 100644
--- a/docs/adr/assets/runtime-examples/aws.yaml
+++ b/docs/adr/assets/runtime-examples/aws.yaml
@@ -49,6 +49,38 @@ spec:
       # spec.shoot.provider.type is required
       type: aws
+      # spec.shoot.provider.workers is required
+      workers:
+        - machine:
+            # spec.shoot.workers.machine.type is required
+            type: m6i.large
+            # spec.shoot.workers.machine.image is optional, when not provider default will be used
+            # Will be modified by the SRE
+            image:
+              name: gardenlinux
+              version: 1312.3.0
+          # spec.shoot.workers.volume is required for the first release
+          # Probably can be moved into KIM, as it is hardcoded in KEB, and not dependent on plan
+          volume:
+            type: gp2
+            size: 50Gi
+          # spec.shoot.workers.zones is required
+          zones:
+            - eu-central-1a
+            - eu-central-1b
+            - eu-central-1c
+          # is optional, if not provided default will be used
+          name: cpu-worker-0
+          # spec.shoot.workers.minimum is required
+          minimum: 3
+          # spec.shoot.workers.maximum is required
+          maximum: 20
+          # spec.shoot.workers.maxSurge is required in the first release.
+          # It can be optional in the future, as it equals to zone count
+          maxSurge: 3
+          # spec.shoot.workers.maxUnavailable is required in the first release.
+          # It can be optional in the future, as it is always set to 0
+          maxUnavailable: 0
       # spec.shoot.provider.controlPlaneConfig is required
@@ -83,37 +115,6 @@ spec:
           type: zone
-    workers:
-      - machine:
-          # spec.shoot.workers.machine.type is required
-          type: m6i.large
-          # spec.shoot.workers.machine.image is optional, when not provider default will be used
-          # Will be modified by the SRE
-          image:
-            name: gardenlinux
-            version: 1312.3.0
-        # spec.shoot.workers.volume is required for the first release
-        # Probably can be moved into KIM, as it is hardcoded in KEB, and not dependent on plan
-        volume:
-          type: gp2
-          size: 50Gi
-        # spec.shoot.workers.zones is required
-        zones:
-          - eu-central-1a
-          - eu-central-1b
-          - eu-central-1c
-        # is optional, if not provided default will be used
-        name: cpu-worker-0
-        # spec.shoot.workers.minimum is required
-        minimum: 3
-        # spec.shoot.workers.maximum is required
-        maximum: 20
-        # spec.shoot.workers.maxSurge is required in the first release.
-        # It can be optional in the future, as it equals to zone count
-        maxSurge: 3
-        # spec.shoot.workers.maxUnavailable is required in the first release.
-        # It can be optional in the future, as it is always set to 0
-        maxUnavailable:  0
diff --git a/docs/adr/assets/runtime-examples/azure-fremium.yaml b/docs/adr/assets/runtime-examples/azure-fremium.yaml
index 2b0cda29..312e0673 100644
--- a/docs/adr/assets/runtime-examples/azure-fremium.yaml
+++ b/docs/adr/assets/runtime-examples/azure-fremium.yaml
@@ -37,6 +37,24 @@ spec:
       # spec.shoot.provider.type is required
       type: azure
+      # spec.shoot.provider.workers is required
+      workers:
+        - machine:
+            # spec.shoot.workers.machine.type is required
+            type: mx5.large
+          # spec.shoot.workers.zones is required
+          zones:
+            - eu-central-1a
+          # spec.shoot.workers.minimum is required
+          minimum: 1
+          # spec.shoot.workers.maximum is required
+          maximum: 1
+          # spec.shoot.workers.maxSurge is required in the first release.
+          # It can be optional in the future, as it equals to zone count
+          maxSurge: 1
+          # spec.shoot.workers.maxUnavailable is required in the first release.
+          # It can be optional in the future, as it is always set to 0
+          maxUnavailable: 0
       # spec.shoot.controlPlaneConfig is required
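Review bot: The added worker entry in this Azure example uses `type: mx5.large` and zone `eu-central-1a`, which do not match the other Azure examples in this series (`Standard_D4s_v5` / `Standard_D2s_v5`, zones `eastus1`…) and look carried over from the AWS trial example. The values were moved unchanged from the old `workers` location, so this commit did not introduce them, but the rewritten block is the natural place to correct them. Use an Azure machine type and zone consistent with azure-lite.yaml, e.g. `type: Standard_D4s_v5` and `- eastus1`, after confirming the intended values for the freemium plan.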
@@ -64,23 +82,6 @@ spec:
           type: node
-    workers:
-      - machine:
-          # spec.shoot.workers.machine.type is required
-          type: mx5.large
-        # spec.shoot.workers.zones is required
-        zones:
-          - eu-central-1a
-        # spec.shoot.workers.minimum is required
-        minimum: 1
-        # spec.shoot.workers.maximum is required
-        maximum: 1
-        # spec.shoot.workers.maxSurge is required in the first release.
-        # It can be optional in the future, as it equals to zone count
-        maxSurge: 1
-        # spec.shoot.workers.maxUnavailable is required in the first release.
-        # It can be optional in the future, as it is always set to 0
-        maxUnavailable:  0
diff --git a/docs/adr/assets/runtime-examples/azure-lite.yaml b/docs/adr/assets/runtime-examples/azure-lite.yaml
index 7535f5b9..6136f5b3 100644
--- a/docs/adr/assets/runtime-examples/azure-lite.yaml
+++ b/docs/adr/assets/runtime-examples/azure-lite.yaml
@@ -40,6 +40,36 @@ spec:
       # spec.shoot.provider.type is required
       type: azure
+      # spec.shoot.provider.workers is required
+      workers:
+        - machine:
+            # spec.shoot.workers.machine.type is required
+            type: Standard_D4s_v5
+            # spec.shoot.workers.machine.image is optional, when not provider default will be used
+            # Will be modified by the SRE
+            image:
+              name: gardenlinux
+              version: 1312.3.0
+          # spec.shoot.workers.volume is required for the first release
+          # Probably can be moved into KIM, as it is hardcoded in KEB, and not dependent on plan
+          volume:
+            type: Standard_LRS
+            size: 50Gi
+          # spec.shoot.workers.zones is required
+          zones:
+            - eastus1
+          # is optional, if not provided default will be used
+          name: cpu-worker-0
+          # spec.shoot.workers.minimum is required
+          minimum: 2
+          # spec.shoot.workers.maximum is required
+          maximum: 10
+          # spec.shoot.workers.maxSurge is required in the first release.
+          # It can be optional in the future, as it equals to zone count
+          maxSurge: 1
+          # spec.shoot.workers.maxUnavailable is required in the first release.
+          # It can be optional in the future, as it is always set to 0
+          maxUnavailable: 0
       # spec.shoot.controlPlaneConfig is required
@@ -67,35 +97,6 @@ spec:
           type: node
-    workers:
-      - machine:
-          # spec.shoot.workers.machine.type is required
-          type: Standard_D4s_v5
-          # spec.shoot.workers.machine.image is optional, when not provider default will be used
-          # Will be modified by the SRE
-          image:
-            name: gardenlinux
-            version: 1312.3.0
-        # spec.shoot.workers.volume is required for the first release
-        # Probably can be moved into KIM, as it is hardcoded in KEB, and not dependent on plan
-        volume:
-          type: Standard_LRS
-          size: 50Gi
-        # spec.shoot.workers.zones is required
-        zones:
-          - eastus1
-        # is optional, if not provided default will be used
-        name: cpu-worker-0
-        # spec.shoot.workers.minimum is required
-        minimum: 2
-        # spec.shoot.workers.maximum is required
-        maximum: 10
-        # spec.shoot.workers.maxSurge is required in the first release.
-        # It can be optional in the future, as it equals to zone count
-        maxSurge: 1
-        # spec.shoot.workers.maxUnavailable is required in the first release.
-        # It can be optional in the future, as it is always set to 0
-        maxUnavailable:  0
diff --git a/docs/adr/assets/runtime-examples/azure.yaml b/docs/adr/assets/runtime-examples/azure.yaml
index 5ecb2d34..029767db 100644
--- a/docs/adr/assets/runtime-examples/azure.yaml
+++ b/docs/adr/assets/runtime-examples/azure.yaml
@@ -49,6 +49,38 @@ spec:
       # spec.shoot.provider.type is required
       type: azure
+      # spec.shoot.provider.workers is required
+      workers:
+        - machine:
+            # spec.shoot.workers.machine.type provided is required
+            type: Standard_D2s_v5
+            # spec.shoot.workers.machine.image is optional, when not provider default will be used
+            # Will be modified by the SRE
+            image:
+              name: gardenlinux
+              version: 1312.3.0
+          # spec.shoot.workers.volume is required for the first release
+          # Probably can be moved into KIM, as it is hardcoded in KEB, and not dependent on plan
+          volume:
+            type: Standard_LRS
+            size: 50Gi
+          # spec.shoot.workers.zones is required
+          zones:
+            - eastus1
+            - eastus2
+            - eastus3
+          # is optional, if not provided default will be used
+          name: cpu-worker-0
+          # spec.shoot.workers.minimum is required
+          minimum: 3
+          # spec.shoot.workers.maximum is required
+          maximum: 20
+          # spec.shoot.workers.maxSurge is required in the first release.
+          # It can be optional in the future, as it equals to zone count
+          maxSurge: 3
+          # spec.shoot.workers.maxUnavailable is required in the first release.
+          # It can be optional in the future, as it is always set to 0
+          maxUnavailable: 0
       # spec.shoot.provider.controlPlaneConfig is required
@@ -81,37 +113,6 @@ spec:
           type: zone
-    workers:
-      - machine:
-          # spec.shoot.workers.machine.type provided is required
-          type: Standard_D2s_v5
-          # spec.shoot.workers.machine.image is optional, when not provider default will be used
-          # Will be modified by the SRE
-          image:
-            name: gardenlinux
-            version: 1312.3.0
-        # spec.shoot.workers.volume is required for the first release
-        # Probably can be moved into KIM, as it is hardcoded in KEB, and not dependent on plan
-        volume:
-          type: Standard_LRS
-          size: 50Gi
-        # spec.shoot.workers.zones is required
-        zones:
-          - eastus1
-          - eastus2
-          - eastus3
-        # is optional, if not provided default will be used
-        name: cpu-worker-0
-        # spec.shoot.workers.minimum is required
-        minimum: 3
-        # spec.shoot.workers.maximum is required
-        maximum: 20
-        # spec.shoot.workers.maxSurge is required in the first release.
-        # It can be optional in the future, as it equals to zone count
-        maxSurge: 3
-        # spec.shoot.workers.maxUnavailable is required in the first release.
-        # It can be optional in the future, as it is always set to 0
-        maxUnavailable:  0
diff --git a/docs/adr/assets/runtime-examples/gcp.yaml b/docs/adr/assets/runtime-examples/gcp.yaml
index 684e8550..0b0b73a7 100644
--- a/docs/adr/assets/runtime-examples/gcp.yaml
+++ b/docs/adr/assets/runtime-examples/gcp.yaml
@@ -49,6 +49,38 @@ spec:
       # spec.shoot.provider.type is required
       type: gcp
+      # spec.shoot.provider.workers is required
+      workers:
+        - machine:
+            # spec.shoot.workers.machine.type is required
+            type: n2-standard-2
+            # spec.shoot.workers.machine.image is optional, when not provider default will be used
+            # Will be modified by the SRE
+            image:
+              name: gardenlinux
+              version: 1312.3.0
+          # spec.shoot.workers.volume is required for the first release
+          # Probably can be moved into KIM, as it is hardcoded in KEB, and not dependent on plan
+          volume:
+            type: pd-standard
+            size: 50Gi
+          # spec.shoot.workers.zones is required
+          zones:
+            - europe-west3a
+            - europe-west3b
+            - europe-west3c
+          # is optional, if not provided default will be used
+          name: cpu-worker-0
+          # spec.shoot.workers.minimum is required
+          minimum: 3
+          # spec.shoot.workers.maximum is required
+          maximum: 20
+          # spec.shoot.workers.maxSurge is required in the first release.
+          # It can be optional in the future, as it equals to zone count
+          maxSurge: 3
+          # spec.shoot.workers.maxUnavailable is required in the first release.
+          # It can be optional in the future, as it is always set to 0
+          maxUnavailable: 0
       # spec.shoot.controlPlaneConfig is required
@@ -71,37 +103,6 @@ spec:
           type: zone
-    workers:
-      - machine:
-          # spec.shoot.workers.machine.type is required
-          type: n2-standard-2
-          # spec.shoot.workers.machine.image is optional, when not provider default will be used
-          # Will be modified by the SRE
-          image:
-            name: gardenlinux
-            version: 1312.3.0
-        # spec.shoot.workers.volume is required for the first release
-        # Probably can be moved into KIM, as it is hardcoded in KEB, and not dependent on plan
-        volume:
-          type: pd-standard
-          size: 50Gi
-        # spec.shoot.workers.zones is required
-        zones:
-          - europe-west3a
-          - europe-west3b
-          - europe-west3c
-        # is optional, if not provided default will be used
-        name: cpu-worker-0
-        # spec.shoot.workers.minimum is required
-        minimum: 3
-        # spec.shoot.workers.maximum is required
-        maximum: 20
-        # spec.shoot.workers.maxSurge is required in the first release.
-        # It can be optional in the future, as it equals to zone count
-        maxSurge: 3
-        # spec.shoot.workers.maxUnavailable is required in the first release.
-        # It can be optional in the future, as it is always set to 0
-        maxUnavailable:  0
diff --git a/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml b/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
index 71c65a76..ca3e9352 100644
--- a/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
+++ b/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
@@ -49,6 +49,34 @@ spec:
       # spec.shoot.provider.type is required
       type: openstack
+      # spec.shoot.provider.workers is required
+      workers:
+        - machine:
+            # spec.shoot.workers.machine.type is required
+            type: g_c2_m8
+            # spec.shoot.workers.machine.image is optional, when not provider default will be used
+            # Will be modified by the SRE
+            image:
+              name: gardenlinux
+              version: 1312.3.0
+          # Note: KEB doesn't specify the volume, Gardener defaults used
+          # spec.shoot.workers.zones is provided by the KEB, required
+          zones:
+            - eu-de-1a
+            - eu-de-1b
+            - eu-de-1d
+          # is optional, if not provided default will be used
+          name: cpu-worker-0
+          # spec.shoot.workers.minimum is required
+          minimum: 3
+          # spec.shoot.workers.maximum is required
+          maximum: 20
+          # spec.shoot.workers.maxSurge is required in the first release.
+          # It can be optional in the future, as it equals to zone count
+          maxSurge: 3
+          # spec.shoot.workers.maxUnavailable is required in the first release.
+          # It can be optional in the future, as it is always set to 0
+          maxUnavailable: 0
       # spec.shoot.provider.controlPlaneConfig is required
@@ -71,33 +99,6 @@ spec:
           type: zone
-    workers:
-      - machine:
-          # spec.shoot.workers.machine.type is required
-          type: g_c2_m8
-          # spec.shoot.workers.machine.image is optional, when not provider default will be used
-          # Will be modified by the SRE
-          image:
-            name: gardenlinux
-            version: 1312.3.0
-        # Note: KEB doesn't specify the volume, Gardener defaults used
-        # spec.shoot.workers.zones is provided by the KEB, required
-        zones:
-          - eu-de-1a
-          - eu-de-1b
-          - eu-de-1d
-        # is optional, if not provided default will be used
-        name: cpu-worker-0
-        # spec.shoot.workers.minimum is required
-        minimum: 3
-        # spec.shoot.workers.maximum is required
-        maximum: 20
-        # spec.shoot.workers.maxSurge is required in the first release.
-        # It can be optional in the future, as it equals to zone count
-        maxSurge: 3
-        # spec.shoot.workers.maxUnavailable is required in the first release.
-        # It can be optional in the future, as it is always set to 0
-        maxUnavailable:  0

From 18b165c0dce578f5554b110a9dbec75f42e1f7cf Mon Sep 17 00:00:00 2001
From: Arkadiusz Galwas <>
Date: Fri, 10 May 2024 18:28:49 +0200
Subject: [PATCH 43/49] Update

 docs/adr/ | 22 ----------------------
 1 file changed, 22 deletions(-)

diff --git a/docs/adr/ b/docs/adr/
index 475ad4a3..5ef996ff 100644
--- a/docs/adr/
+++ b/docs/adr/
@@ -74,17 +74,6 @@ The example below shows the CR that must be created by the KEB to provision the
 kind: Runtime
-  labels:
- instance-id
- runtime-id
- plan-id
- plan-name
- global-account-id
- subAccount-id
- shoot-name
- region
- platform-region
- kymaName
   name: runtime-id
   namespace: kcp-system
@@ -189,17 +178,6 @@ The following example shows the Runtime CR that must be created to provision a c
 kind: Runtime
-  labels:
- instance-id
- runtime-id
- plan-id
- plan-name
- global-account-id
- subAccount-id
- shoot-name
- region
- platform-region
- kymaName
   name: runtime-id
   namespace: kcp-system

From 2de7101c6f866f6b2e4905cfeac65ab42b55128b Mon Sep 17 00:00:00 2001
From: Arkadiusz Galwas <>
Date: Fri, 10 May 2024 18:35:24 +0200
Subject: [PATCH 44/49] Update

 docs/adr/ | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/docs/adr/ b/docs/adr/
index 5ef996ff..c8cd8530 100644
--- a/docs/adr/
+++ b/docs/adr/
@@ -331,35 +331,34 @@ type Shoot struct {
 	Name              string             `json:"name"`
 	Purpose           string             `json:"purpose"`
 	Region            string             `json:"region"`
-	SeedName          *string            `json:"seedName,omitempty"`
 	LicenceType       *string            `json:"licenceType,omitempty"`
 	SecretBindingName string             `json:"secretBindingName"`
 	Kubernetes        Kubernetes         `json:"kubernetes"`
 	Provider          Provider           `json:"provider"`
 	Networking        Networking         `json:"networking"`
-	Workers           *[]gardener.Worker `json:"workers,omitempty"`
 type Provider struct {
 	Type                 string                `json:"type"`
-	ControlPlaneConfig   *runtime.RawExtension `json:"controlPlaneConfig,omitempty"`
-	InfrastructureConfig *runtime.RawExtension `json:"infrastructureConfig,omitempty"`
+	ControlPlaneConfig   runtime.RawExtension `json:"controlPlaneConfig"`
+	InfrastructureConfig runtime.RawExtension `json:"infrastructureConfig"`
+        Workers              []gardener.Worker     `json:"workers"`
 type Networking struct {
-	Pods     string `json:"pods,omitempty"`
-	Nodes    string `json:"nodes,omitempty"`
-	Services string `json:"services,omitempty"`
+	Pods     string `json:"pods"`
+	Nodes    string `json:"nodes"`
+	Services string `json:"services"`
 type Kubernetes struct {
-	Version       string    `json:"version"`
-	KubeAPIServer APIServer `json:"kubeAPIServer,omitempty"`
+	Version       *string    `json:"version,omitempty"`
+	KubeAPIServer APIServer  `json:"kubeAPIServer"`
 type APIServer struct {
-	oidcConfig           gardener.OIDCConfig    `json:"oidcConfig"`
-	additionalOidcConfig *[]gardener.OIDCConfig `json:"additionalOidcConfig""`
+	OidcConfig           gardener.OIDCConfig    `json:"oidcConfig"`
+	AdditionalOidcConfig *[]gardener.OIDCConfig `json:"additionalOidcConfig""`
 type Security struct {
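Review bot: The renamed `AdditionalOidcConfig` field keeps the malformed tag `json:"additionalOidcConfig""`; the doubled closing quote is not valid struct-tag syntax and go vet's struct-tag check flags it. The field is a pointer to a slice, which suggests it is meant to be optional, so the tag should probably read `json:"additionalOidcConfig,omitempty"`. The added `Workers` line in `Provider` is also indented with spaces where the neighbouring fields use a tab. The struct bodies are only partly visible in this hunk.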
@@ -372,7 +371,7 @@ type NetworkingSecurity struct {
 type Filter struct {
-	Ingress *Ingress `json:"ingress"`
+	Ingress *Ingress `json:"ingress,omitempty"`
 	Egress  Egress   `json:"egress"`
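Review bot: Making `Ingress` optional (`json:"ingress,omitempty"` on a pointer) leaves the behaviour for an omitted ingress filter undocumented, while `Egress` stays required. For a network-security setting, the ADR should state what is applied when the field is nil, so that different consumers do not read an absent field as both "filtering on" and "filtering off". Add a field comment along the lines of `// Ingress is optional; when nil, <default behaviour, to be stated by the authors>`. `Filter` continues outside the hunk.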

From ccdd1301f97e4d76367d1c67ffdb3a987da57dde Mon Sep 17 00:00:00 2001
From: Arkadiusz Galwas <>
Date: Tue, 14 May 2024 10:48:30 +0200
Subject: [PATCH 45/49] KIM is responsible for provider specific config.

 docs/adr/                  | 133 +++++-------------
 .../assets/runtime-examples/aws-freemium.yaml |  16 ---
 .../assets/runtime-examples/aws-minimal.yaml  |  24 ----
 .../assets/runtime-examples/aws-trial.yaml    |  16 ---
 docs/adr/assets/runtime-examples/aws.yaml     |  24 ----
 .../runtime-examples/azure-fremium.yaml       |  17 ---
 .../assets/runtime-examples/azure-lite.yaml   |  17 ---
 docs/adr/assets/runtime-examples/azure.yaml   |  22 ---
 docs/adr/assets/runtime-examples/gcp.yaml     |  12 --
 .../runtime-examples/sap-converged-cloud.yaml |  12 --
 10 files changed, 38 insertions(+), 255 deletions(-)

diff --git a/docs/adr/ b/docs/adr/
index c8cd8530..1d01698a 100644
--- a/docs/adr/
+++ b/docs/adr/
@@ -24,7 +24,6 @@ Kyma Environment Broker has the following responsibilities:
 - Create Runtime CR containing the following data:
     - Provider config (type, region, and secret with credentials for hyperscaler)
     - Worker pool specification
-    - Provider specific config
     - Cluster networking settings (nodes, pods, and services API ranges)
     - OIDC settings
     - Cluster administrators list
@@ -44,6 +43,7 @@ Kyma Environment Broker has the following responsibilities:
      - configuring DNS extension 
      - configuring Certificates extension
      - providing maintenance settings (Kubernetes, and image autoupdates)
+     - creating provider specific config
  - Upgrade and delete shoots for the corresponding `Runtime` CRs
  - Apply the audit log configuration on the shoot resource
  - Create cluster role bindings for administrators
@@ -119,30 +119,6 @@ spec:
           # spec.shoot.workers.maxUnavailable is required in the first release.
           # It can be optional in the future, as it is always set to 0
           maxUnavailable: 0
-      # spec.shoot.provider.controlPlaneConfig is required
-      controlPlaneConfig:
-        apiVersion:
-        kind: ControlPlaneConfig
-      # spec.shoot.provider.infrastructureConfig is required
-      infrastructureConfig:
-        apiVersion:
-        kind: InfrastructureConfig
-        networks:
-          vpc:
-            cidr:
-          zones:
-            - internal:
-              name: eu-central-1c
-              public:
-              workers:
-            - internal:
-              name: eu-central-1b
-              public:
-              workers:
-            - internal:
-              name: eu-central-1a
-              public:
-              workers:
     # spec.shoot.Networking is required
@@ -247,30 +223,6 @@ spec:
           # spec.shoot.workers.maxUnavailable is required in the first release.
           # It can be optional in the future, as it is always set to 0
           maxUnavailable: 0
-      # spec.shoot.provider.controlPlaneConfig is required
-      controlPlaneConfig:
-        apiVersion:
-        kind: ControlPlaneConfig
-      # spec.shoot.provider.infrastructureConfig is required
-      infrastructureConfig:
-        apiVersion:
-        kind: InfrastructureConfig
-        networks:
-          vpc:
-            cidr:
-          zones:
-            - internal:
-              name: eu-central-1c
-              public:
-              workers:
-            - internal:
-              name: eu-central-1b
-              public:
-              workers:
-            - internal:
-              name: eu-central-1a
-              public:
-              workers:
     # spec.shoot.Networking is required
@@ -306,64 +258,72 @@ Please see the following examples to understand what CRs must be created for par
 ## API structures
-package v2
+package v1
 import (
 	gardener ""
 	metav1 ""
-	""
+// Runtime is the Schema for the runtimes API
 type Runtime struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
-	Spec   RuntimeSpec   `json:"spec"`
+	Spec   RuntimeSpec   `json:"spec,omitempty"`
 	Status RuntimeStatus `json:"status,omitempty"`
+// RuntimeSpec defines the desired state of Runtime
 type RuntimeSpec struct {
-	Shoot    Shoot    `json:"spec"`
-	Security Security `json:"security"`
+	Shoot    RuntimeShoot `json:"shoot"`
+	Security Security     `json:"security"`
-type Shoot struct {
-	Name              string             `json:"name"`
-	Purpose           string             `json:"purpose"`
-	Region            string             `json:"region"`
-	LicenceType       *string            `json:"licenceType,omitempty"`
-	SecretBindingName string             `json:"secretBindingName"`
-	Kubernetes        Kubernetes         `json:"kubernetes"`
-	Provider          Provider           `json:"provider"`
-	Networking        Networking         `json:"networking"`
-type Provider struct {
-	Type                 string                `json:"type"`
-	ControlPlaneConfig   runtime.RawExtension `json:"controlPlaneConfig"`
-	InfrastructureConfig runtime.RawExtension `json:"infrastructureConfig"`
-        Workers              []gardener.Worker     `json:"workers"`
+// RuntimeStatus defines the observed state of Runtime
+type RuntimeStatus struct {
+	// State signifies current state of Runtime
+	State State `json:"state,omitempty"`
+	// List of status conditions to indicate the status of a ServiceInstance.
+	Conditions []metav1.Condition `json:"conditions,omitempty"`
-type Networking struct {
-	Pods     string `json:"pods"`
-	Nodes    string `json:"nodes"`
-	Services string `json:"services"`
+type RuntimeShoot struct {
+	Name              string                `json:"name"`
+	Purpose           gardener.ShootPurpose `json:"purpose"`
+	Region            string                `json:"region"`
+	LicenceType       *string               `json:"licenceType,omitempty"`
+	SecretBindingName string                `json:"secretBindingName"`
+	Kubernetes        Kubernetes            `json:"kubernetes"`
+	Provider          Provider              `json:"provider"`
+	Networking        Networking            `json:"networking"`
+	ControlPlane      gardener.ControlPlane `json:"controlPlane"`
 type Kubernetes struct {
-	Version       *string    `json:"version,omitempty"`
-	KubeAPIServer APIServer  `json:"kubeAPIServer"`
+	Version       *string   `json:"version,omitempty"`
+	KubeAPIServer APIServer `json:"kubeAPIServer,omitempty"`
 type APIServer struct {
 	OidcConfig           gardener.OIDCConfig    `json:"oidcConfig"`
-	AdditionalOidcConfig *[]gardener.OIDCConfig `json:"additionalOidcConfig""`
+	AdditionalOidcConfig *[]gardener.OIDCConfig `json:"additionalOidcConfig,omitempty"`
+type Provider struct {
+	Type    string            `json:"type"`
+	Workers []gardener.Worker `json:"workers"`
+type Networking struct {
+	Pods     string `json:"pods"`
+	Nodes    string `json:"nodes"`
+	Services string `json:"services"`
 type Security struct {
 	Administrators []string           `json:"administrators"`
-	Networking     NetworkingSecurity `json:"networking""`
+	Networking     NetworkingSecurity `json:"networking"`
 type NetworkingSecurity struct {
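Review bot: `RuntimeStatus` is re-added here with a field `State State`, but the last hunk of this file deletes `type State string` together with the comment listing the allowed values ("Ready", "Processing", "Error", "Deleting"), so the listing as shown no longer declares the type it uses. Unless `State` is declared in a part of the file outside these hunks, keep `type State string` next to `RuntimeStatus` and keep the value list in the field comment. The move also drops the `+listType=map` and `+listMapKey=type` markers on `Conditions`; if this listing is meant to mirror the real CRD types, they should stay. Separately, `omitempty` on the non-pointer field `KubeAPIServer APIServer` has no effect in encoding/json, so either make it `*APIServer` or drop the option.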
@@ -383,21 +343,4 @@ type Egress struct {
 	Enabled bool `json:"enabled"`
-type State string
-// +kubebuilder:object:root=true
-// RuntimeStatus defines the observed state of Runtime
-type RuntimeStatus struct {
-	// State signifies current state of Runtime.
-	// Value can be one of ("Ready", "Processing", "Error", "Deleting").
-	State State `json:"state,omitempty"`
-	// List of status conditions to indicate the status of a ServiceInstance.
-	// +optional
-	// +listType=map
-	// +listMapKey=type
-	Conditions []metav1.Condition `json:"conditions,omitempty"`
diff --git a/docs/adr/assets/runtime-examples/aws-freemium.yaml b/docs/adr/assets/runtime-examples/aws-freemium.yaml
index 9b036258..fc1cdc2c 100644
--- a/docs/adr/assets/runtime-examples/aws-freemium.yaml
+++ b/docs/adr/assets/runtime-examples/aws-freemium.yaml
@@ -67,22 +67,6 @@ spec:
           # spec.shoot.workers.maxUnavailable is required in the first release.
           # It can be optional in the future, as it is always set to 0
           maxUnavailable: 0
-      # spec.shoot.provider.controlPlaneConfig is required
-      controlPlaneConfig:
-        apiVersion:
-        kind: ControlPlaneConfig
-      # spec.shoot.provider.infrastructureConfig is required
-      infrastructureConfig:
-        kind: InfrastructureConfig
-        apiVersion:
-        networks:
-          vpc:
-            cidr:
-          zones:
-            - name: eu-central-1b
-              internal:
-              public:
-              workers:
     # spec.shoot.Networking is required
diff --git a/docs/adr/assets/runtime-examples/aws-minimal.yaml b/docs/adr/assets/runtime-examples/aws-minimal.yaml
index 72176e4a..f31f50d5 100644
--- a/docs/adr/assets/runtime-examples/aws-minimal.yaml
+++ b/docs/adr/assets/runtime-examples/aws-minimal.yaml
@@ -57,30 +57,6 @@ spec:
           # spec.shoot.workers.maxUnavailable is required in the first release.
           # It can be optional in the future, as it is always set to 0
           maxUnavailable: 0
-      # spec.shoot.provider.controlPlaneConfig is required
-      controlPlaneConfig:
-        apiVersion:
-        kind: ControlPlaneConfig
-      # spec.shoot.provider.infrastructureConfig is required
-      infrastructureConfig:
-        apiVersion:
-        kind: InfrastructureConfig
-        networks:
-          vpc:
-            cidr:
-          zones:
-            - internal:
-              name: eu-central-1c
-              public:
-              workers:
-            - internal:
-              name: eu-central-1b
-              public:
-              workers:
-            - internal:
-              name: eu-central-1a
-              public:
-              workers:
     # spec.shoot.Networking is required
diff --git a/docs/adr/assets/runtime-examples/aws-trial.yaml b/docs/adr/assets/runtime-examples/aws-trial.yaml
index 44ed3041..d3ec90a8 100644
--- a/docs/adr/assets/runtime-examples/aws-trial.yaml
+++ b/docs/adr/assets/runtime-examples/aws-trial.yaml
@@ -57,22 +57,6 @@ spec:
           # spec.shoot.workers.maxUnavailable is required in the first release.
           # It can be optional in the future, as it is always set to 0
           maxUnavailable: 0
-      # spec.shoot.provider.controlPlaneConfig is required
-      controlPlaneConfig:
-        apiVersion:
-        kind: ControlPlaneConfig
-      # spec.shoot.provider.infrastructureConfig is required
-      infrastructureConfig:
-        kind: InfrastructureConfig
-        apiVersion:
-        networks:
-          vpc:
-            cidr:
-          zones:
-            - name: eu-central-1b
-              internal:
-              public:
-              workers:
     # spec.shoot.Networking is required
diff --git a/docs/adr/assets/runtime-examples/aws.yaml b/docs/adr/assets/runtime-examples/aws.yaml
index 8022b7d9..8c76545a 100644
--- a/docs/adr/assets/runtime-examples/aws.yaml
+++ b/docs/adr/assets/runtime-examples/aws.yaml
@@ -81,30 +81,6 @@ spec:
           # spec.shoot.workers.maxUnavailable is required in the first release.
           # It can be optional in the future, as it is always set to 0
           maxUnavailable: 0
-      # spec.shoot.provider.controlPlaneConfig is required
-      controlPlaneConfig:
-        apiVersion:
-        kind: ControlPlaneConfig
-      # spec.shoot.provider.infrastructureConfig is required
-      infrastructureConfig:
-        apiVersion:
-        kind: InfrastructureConfig
-        networks:
-          vpc:
-            cidr:
-          zones:
-            - internal:
-              name: eu-central-1c
-              public:
-              workers:
-            - internal:
-              name: eu-central-1b
-              public:
-              workers:
-            - internal:
-              name: eu-central-1a
-              public:
-              workers:
     # spec.shoot.Networking is required
diff --git a/docs/adr/assets/runtime-examples/azure-fremium.yaml b/docs/adr/assets/runtime-examples/azure-fremium.yaml
index 312e0673..a2cd223c 100644
--- a/docs/adr/assets/runtime-examples/azure-fremium.yaml
+++ b/docs/adr/assets/runtime-examples/azure-fremium.yaml
@@ -55,23 +55,6 @@ spec:
           # spec.shoot.workers.maxUnavailable is required in the first release.
           # It can be optional in the future, as it is always set to 0
           maxUnavailable: 0
-      # spec.shoot.controlPlaneConfig is required
-      controlPlaneConfig:
-        apiVersion:
-        kind: ControlPlaneConfig
-      # spec.shoot.provider.infrastructureConfig is required
-      infrastructureConfig:
-        apiVersion:
-        kind: InfrastructureConfig
-        networks:
-          vnet:
-            cidr:
-          zones:
-            - cidr:
-              name: 1
-              natGateway:
-                enabled: true
-                idleConnectionTimeoutMinutes: 4
     # spec.shoot.Networking is required
diff --git a/docs/adr/assets/runtime-examples/azure-lite.yaml b/docs/adr/assets/runtime-examples/azure-lite.yaml
index 6136f5b3..b426219f 100644
--- a/docs/adr/assets/runtime-examples/azure-lite.yaml
+++ b/docs/adr/assets/runtime-examples/azure-lite.yaml
@@ -70,23 +70,6 @@ spec:
           # spec.shoot.workers.maxUnavailable is required in the first release.
           # It can be optional in the future, as it is always set to 0
           maxUnavailable: 0
-      # spec.shoot.controlPlaneConfig is required
-      controlPlaneConfig:
-        apiVersion:
-        kind: ControlPlaneConfig
-      # spec.shoot.provider.infrastructureConfig is required
-      infrastructureConfig:
-        apiVersion:
-        kind: InfrastructureConfig
-        networks:
-          vnet:
-            cidr:
-          zones:
-            - cidr:
-              name: 1
-              natGateway:
-                enabled: true
-                idleConnectionTimeoutMinutes: 4
     # spec.shoot.Networking is required
diff --git a/docs/adr/assets/runtime-examples/azure.yaml b/docs/adr/assets/runtime-examples/azure.yaml
index 029767db..caf8093c 100644
--- a/docs/adr/assets/runtime-examples/azure.yaml
+++ b/docs/adr/assets/runtime-examples/azure.yaml
@@ -81,28 +81,6 @@ spec:
           # spec.shoot.workers.maxUnavailable is required in the first release.
           # It can be optional in the future, as it is always set to 0
           maxUnavailable: 0
-      # spec.shoot.provider.controlPlaneConfig is required
-      controlPlaneConfig:
-        apiVersion:
-        kind: ControlPlaneConfig
-      # spec.shoot.provider.infrastructureConfig is required
-      infrastructureConfig:
-        apiVersion:
-        kind: InfrastructureConfig
-        networks:
-          vnet:
-            cidr:
-          zones:
-            - cidr:
-              name: 1
-              natGateway:
-                enabled: true
-                idleConnectionTimeoutMinutes: 4
-            - cidr:
-              name: 2
-              natGateway:
-                enabled: true
-                idleConnectionTimeoutMinutes: 4
     # spec.shoot.Networking is required
diff --git a/docs/adr/assets/runtime-examples/gcp.yaml b/docs/adr/assets/runtime-examples/gcp.yaml
index 0b0b73a7..7490e3d7 100644
--- a/docs/adr/assets/runtime-examples/gcp.yaml
+++ b/docs/adr/assets/runtime-examples/gcp.yaml
@@ -81,18 +81,6 @@ spec:
           # spec.shoot.workers.maxUnavailable is required in the first release.
           # It can be optional in the future, as it is always set to 0
           maxUnavailable: 0
-      # spec.shoot.controlPlaneConfig is required
-      controlPlaneConfig:
-        apiVersion:
-        kind: ControlPlaneConfig
-        zone: us-central1-b
-      # spec.shoot.infrastructureConfig is required
-      infrastructureConfig:
-        apiVersion:
-        kind: InfrastructureConfig
-        networks:
-          worker:
-          workers:
     # spec.shoot.Networking is required
diff --git a/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml b/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
index ca3e9352..bc153ecb 100644
--- a/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
+++ b/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
@@ -77,18 +77,6 @@ spec:
           # spec.shoot.workers.maxUnavailable is required in the first release.
           # It can be optional in the future, as it is always set to 0
           maxUnavailable: 0
-      # spec.shoot.provider.controlPlaneConfig is required
-      controlPlaneConfig:
-        apiVersion:
-        kind: ControlPlaneConfig
-        loadBalancerProvider: f5
-      # spec.shoot.provider.infrastructureConfig is required
-      infrastructureConfig:
-        apiVersion:
-        floatingPoolName: FloatingIP-external-kyma-01
-        kind: InfrastructureConfig
-        networks:
-          workers:
     # spec.shoot.Networking is required

From 06630bbb9f19531a25a4f600dd276cc87e6ac472 Mon Sep 17 00:00:00 2001
From: Arkadiusz Galwas <>
Date: Tue, 14 May 2024 15:37:30 +0200
Subject: [PATCH 46/49] Added code for provider specific config

 docs/adr/                  | 22 ++++++++++++-------
 .../assets/runtime-examples/aws-freemium.yaml |  6 ++---
 .../assets/runtime-examples/aws-minimal.yaml  | 14 ++++++------
 .../assets/runtime-examples/aws-trial.yaml    |  6 ++---
 docs/adr/assets/runtime-examples/aws.yaml     |  7 +++++-
 .../runtime-examples/azure-fremium.yaml       | 10 ++++-----
 .../assets/runtime-examples/azure-lite.yaml   |  6 ++---
 docs/adr/assets/runtime-examples/azure.yaml   |  7 +++++-
 docs/adr/assets/runtime-examples/gcp.yaml     |  7 +++++-
 .../runtime-examples/sap-converged-cloud.yaml |  7 +++++-
 10 files changed, 59 insertions(+), 33 deletions(-)

diff --git a/docs/adr/ b/docs/adr/
index 1d01698a..a11684b1 100644
--- a/docs/adr/
+++ b/docs/adr/
@@ -99,16 +99,16 @@ spec:
       # spec.shoot.provider.type is required
       type: aws
+      # spec.shoot.provider.zones is required
+      zones:
+        - eu-central-1a
+        - eu-central-1b
+        - eu-central-1c
       # spec.shoot.provider.workers is required
         - machine:
-            # spec.shoot.workers.machine.type is required
-            type: m6i.large
-          # spec.shoot.workers.zones is required
-          zones:
-            - eu-central-1a
-            - eu-central-1b
-            - eu-central-1c
+          # spec.shoot.workers.machine.type is required
+          type: m6i.large
           # spec.shoot.workers.minimum is required
           minimum: 3
           # spec.shoot.workers.maximum is required
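Review bot: The re-indented `type: m6i.large` and its comment on the added lines now sit at the same depth as the keys that follow `- machine:` instead of one level beneath it, so as shown the worker entry has an empty `machine` and a stray `type` key next to `minimum`. Keep the two lines nested under `machine:` as they were on the removed side, so only the `zones` list moves up to the provider. The same dedent appears in the aws-minimal.yaml and azure-fremium.yaml hunks of this commit. Some context lines (for example the `workers:` key) are not visible on this page, so confirm the final indentation against the file.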
@@ -191,6 +191,11 @@ spec:
       # spec.shoot.provider.type is required
       type: aws
+      # spec.shoot.provider.zones is required
+      zones:
+        - eu-central-1a
+        - eu-central-1b
+        - eu-central-1c
       # spec.shoot.provider.workers is required
         - machine:
@@ -206,7 +211,7 @@ spec:
             type: gp2
             size: 50Gi
-          # spec.shoot.workers.zones is required
+          # spec.shoot.workers.zones is optional
             - eu-central-1a
             - eu-central-1b
@@ -312,6 +317,7 @@ type APIServer struct {
 type Provider struct {
 	Type    string            `json:"type"`
+	Zones   []string          `json:"workers"`
 	Workers []gardener.Worker `json:"workers"`
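Review bot: The added `Zones` field reuses the JSON tag of `Workers` (`json:"workers"`), so the two fields collide. With Go's encoding/json, fields that share a name at the same level are all dropped silently, so neither `zones` nor `workers` would be serialized or read back from the CR. The tag should be `json:"zones"`, which also matches the `zones:` key used in the YAML examples of this commit. The `Provider` struct continues outside the hunk.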
diff --git a/docs/adr/assets/runtime-examples/aws-freemium.yaml b/docs/adr/assets/runtime-examples/aws-freemium.yaml
index fc1cdc2c..86abe756 100644
--- a/docs/adr/assets/runtime-examples/aws-freemium.yaml
+++ b/docs/adr/assets/runtime-examples/aws-freemium.yaml
@@ -42,6 +42,9 @@ spec:
         - machine:
             # spec.shoot.workers.machine.type is required
             type: m5.xlarge
+            # spec.shoot.provider.zones is required
+            zones:
+              - eu-central-1b
             # spec.shoot.workers.machine.image is optional, when not provider default will be used
             # Will be modified by the SRE
@@ -52,9 +55,6 @@ spec:
             type: gp2
             size: 50Gi
-          # spec.shoot.workers.zones is required
-          zones:
-            - eu-central-1b
           # is optional, if not provided default will be used
           name: cpu-worker-0
           # spec.shoot.workers.minimum is required
diff --git a/docs/adr/assets/runtime-examples/aws-minimal.yaml b/docs/adr/assets/runtime-examples/aws-minimal.yaml
index f31f50d5..b47214d3 100644
--- a/docs/adr/assets/runtime-examples/aws-minimal.yaml
+++ b/docs/adr/assets/runtime-examples/aws-minimal.yaml
@@ -37,16 +37,16 @@ spec:
       # spec.shoot.provider.type is required
       type: aws
+      # spec.shoot.provider.zones is required
+      zones:
+        - eu-central-1a
+        - eu-central-1b
+        - eu-central-1c
       # spec.shoot.provider.workers is required
         - machine:
-            # spec.shoot.workers.machine.type is required
-            type: m6i.large
-          # spec.shoot.workers.zones is required
-          zones:
-            - eu-central-1a
-            - eu-central-1b
-            - eu-central-1c
+          # spec.shoot.workers.machine.type is required
+          type: m6i.large
           # spec.shoot.workers.minimum is required
           minimum: 3
           # spec.shoot.workers.maximum is required
diff --git a/docs/adr/assets/runtime-examples/aws-trial.yaml b/docs/adr/assets/runtime-examples/aws-trial.yaml
index d3ec90a8..e1b1858f 100644
--- a/docs/adr/assets/runtime-examples/aws-trial.yaml
+++ b/docs/adr/assets/runtime-examples/aws-trial.yaml
@@ -39,14 +39,14 @@ spec:
       # spec.shoot.provider.type is required
       type: aws
+      # spec.shoot.provider.zones is required
+      zones:
+        - eu-central-1b
       # spec.shoot.provider.workers is required
         - machine:
             # spec.shoot.workers.machine.type is required
             type: mx5.large
-          # spec.shoot.workers.zones is required
-          zones:
-            - eu-central-1b
           # spec.shoot.workers.minimum is required
           minimum: 1
           # spec.shoot.workers.maximum is required
diff --git a/docs/adr/assets/runtime-examples/aws.yaml b/docs/adr/assets/runtime-examples/aws.yaml
index 8c76545a..ccdf5bbb 100644
--- a/docs/adr/assets/runtime-examples/aws.yaml
+++ b/docs/adr/assets/runtime-examples/aws.yaml
@@ -49,6 +49,11 @@ spec:
       # spec.shoot.provider.type is required
       type: aws
+      # spec.shoot.provider.zones is required
+      zones:
+        - eu-central-1a
+        - eu-central-1b
+        - eu-central-1c
       # spec.shoot.provider.workers is required
         - machine:
@@ -64,7 +69,7 @@ spec:
             type: gp2
             size: 50Gi
-          # spec.shoot.workers.zones is required
+          # spec.shoot.workers.zones is optional
             - eu-central-1a
             - eu-central-1b
diff --git a/docs/adr/assets/runtime-examples/azure-fremium.yaml b/docs/adr/assets/runtime-examples/azure-fremium.yaml
index a2cd223c..d4d9b113 100644
--- a/docs/adr/assets/runtime-examples/azure-fremium.yaml
+++ b/docs/adr/assets/runtime-examples/azure-fremium.yaml
@@ -37,14 +37,14 @@ spec:
       # spec.shoot.provider.type is required
       type: azure
+      # spec.shoot.provider.zones is required
+      zones:
+        - eu-central-1a
       # spec.shoot.provider.workers is required
         - machine:
-            # spec.shoot.workers.machine.type is required
-            type: mx5.large
-          # spec.shoot.workers.zones is required
-          zones:
-            - eu-central-1a
+          # spec.shoot.workers.machine.type is required
+          type: mx5.large
           # spec.shoot.workers.minimum is required
           minimum: 1
           # spec.shoot.workers.maximum is required
diff --git a/docs/adr/assets/runtime-examples/azure-lite.yaml b/docs/adr/assets/runtime-examples/azure-lite.yaml
index b426219f..3bfe4fe0 100644
--- a/docs/adr/assets/runtime-examples/azure-lite.yaml
+++ b/docs/adr/assets/runtime-examples/azure-lite.yaml
@@ -40,6 +40,9 @@ spec:
       # spec.shoot.provider.type is required
       type: azure
+      # spec.shoot.provider.zones is required
+      zones:
+        - eastus1
       # spec.shoot.provider.workers is required
         - machine:
@@ -55,9 +58,6 @@ spec:
             type: Standard_LRS
             size: 50Gi
-          # spec.shoot.workers.zones is required
-          zones:
-            - eastus1
           # is optional, if not provided default will be used
           name: cpu-worker-0
           # spec.shoot.workers.minimum is required
diff --git a/docs/adr/assets/runtime-examples/azure.yaml b/docs/adr/assets/runtime-examples/azure.yaml
index caf8093c..42994300 100644
--- a/docs/adr/assets/runtime-examples/azure.yaml
+++ b/docs/adr/assets/runtime-examples/azure.yaml
@@ -49,6 +49,11 @@ spec:
       # spec.shoot.provider.type is required
       type: azure
+      # spec.shoot.provider.zones is required
+      zones:
+        - eastus1
+        - eastus2
+        - eastus3
       # spec.shoot.provider.workers is required
         - machine:
@@ -64,7 +69,7 @@ spec:
             type: Standard_LRS
             size: 50Gi
-          # spec.shoot.workers.zones is required
+          # spec.shoot.workers.zones is optional
             - eastus1
             - eastus2
diff --git a/docs/adr/assets/runtime-examples/gcp.yaml b/docs/adr/assets/runtime-examples/gcp.yaml
index 7490e3d7..409ad487 100644
--- a/docs/adr/assets/runtime-examples/gcp.yaml
+++ b/docs/adr/assets/runtime-examples/gcp.yaml
@@ -49,6 +49,11 @@ spec:
       # spec.shoot.provider.type is required
       type: gcp
+      # spec.shoot.provider.zones is required
+      zones:
+        - europe-west3a
+        - europe-west3b
+        - europe-west3c
       # spec.shoot.provider.workers is required
         - machine:
@@ -64,7 +69,7 @@ spec:
             type: pd-standard
             size: 50Gi
-          # spec.shoot.workers.zones is required
+          # spec.shoot.workers.zones is optional
             - europe-west3a
             - europe-west3b
diff --git a/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml b/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
index bc153ecb..d1aeb984 100644
--- a/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
+++ b/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
@@ -49,6 +49,11 @@ spec:
       # spec.shoot.provider.type is required
       type: openstack
+      # spec.shoot.workers.zones is required
+      zones:
+        - eu-de-1a
+        - eu-de-1b
+        - eu-de-1d
       # spec.shoot.provider.workers is required
         - machine:
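Review bot: The comment on the added provider-level list reads `# spec.shoot.workers.zones is required`, but the key sits directly under the provider, and every other example in this commit labels it `spec.shoot.provider.zones`. Use `# spec.shoot.provider.zones is required` here. The per-worker comment changed in the next hunk already uses the `workers.zones` path, so the two comments are easy to confuse as written.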
@@ -60,7 +65,7 @@ spec:
               name: gardenlinux
               version: 1312.3.0
           # Note: KEB doesn't specify the volume, Gardener defaults used
-          # spec.shoot.workers.zones is provided by the KEB, required
+          # spec.shoot.workers.zones is optional
             - eu-de-1a
             - eu-de-1b

From d8707aa3249ab277d9184a6bdc1efc19f9049cbf Mon Sep 17 00:00:00 2001
From: Arkadiusz Galwas <>
Date: Thu, 16 May 2024 15:02:01 +0200
Subject: [PATCH 47/49] Added spec.shoot.platformRegion

 docs/adr/                           | 10 +++++++---
 docs/adr/assets/runtime-examples/aws-freemium.yaml     |  2 ++
 docs/adr/assets/runtime-examples/aws-minimal.yaml      |  2 ++
 docs/adr/assets/runtime-examples/aws-trial.yaml        |  2 ++
 docs/adr/assets/runtime-examples/aws.yaml              |  2 ++
 docs/adr/assets/runtime-examples/azure-fremium.yaml    |  2 ++
 docs/adr/assets/runtime-examples/azure-lite.yaml       |  2 ++
 docs/adr/assets/runtime-examples/azure.yaml            |  2 ++
 docs/adr/assets/runtime-examples/gcp.yaml              |  2 ++
 .../assets/runtime-examples/sap-converged-cloud.yaml   |  2 ++
 10 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/docs/adr/ b/docs/adr/
index a11684b1..194ca04b 100644
--- a/docs/adr/
+++ b/docs/adr/
@@ -53,7 +53,8 @@ Kyma Environment Broker has the following responsibilities:
 ### CR examples
-MInd that the Runtime CR must contain the following labels:
+Mind that the Runtime CR must be labeled to make searching easier. 
+The proposed list of labels to be added to the Runtime CR:
 ```yaml instance-id runtime-id
@@ -63,7 +64,6 @@ MInd that the Runtime CR must contain the following labels: subAccount-id shoot-name region
- platform-region kymaName
@@ -84,6 +84,8 @@ spec:
     purpose: production
     # spec.shoot.region is required
     region: eu-central-1
+    # spec.shoot.platformRegion is required
+    platformRegion: "cd-eu11"
     # spec.shoot.secretBindingName is required
     secretBindingName: "hyperscaler secret"
@@ -141,7 +143,6 @@ spec:
 There are some additional optional fields that could be specified:
-- `spec.shoot.seedName` ; if not provided `nil` value will be used
 - `spec.shoot.licenceType` ; if not provided `nil` value will be used 
 - `spec.shoot.kubernetes.version` ; if not provided, the default value will be read by the KIM from the configuration
 - `spec.shoot.kubernetes.kubeAPIServer.additionalOidcConfig` ; if not provided, no additional OIDC provider will be configured
@@ -164,6 +165,8 @@ spec:
     purpose: production
     # spec.shoot.region is required
     region: eu-central-1
+    # spec.shoot.platformRegion is required
+    platformRegion: "cd-eu11"
     # spec.shoot.secretBindingName is required
     secretBindingName: "hyperscaler secret"
@@ -296,6 +299,7 @@ type RuntimeStatus struct {
 type RuntimeShoot struct {
 	Name              string                `json:"name"`
 	Purpose           gardener.ShootPurpose `json:"purpose"`
+	PlatformRegion    string                `json:"platformRegion"` 
 	Region            string                `json:"region"`
 	LicenceType       *string               `json:"licenceType,omitempty"`
 	SecretBindingName string                `json:"secretBindingName"`
diff --git a/docs/adr/assets/runtime-examples/aws-freemium.yaml b/docs/adr/assets/runtime-examples/aws-freemium.yaml
index 86abe756..8fb8741a 100644
--- a/docs/adr/assets/runtime-examples/aws-freemium.yaml
+++ b/docs/adr/assets/runtime-examples/aws-freemium.yaml
@@ -22,6 +22,8 @@ spec:
     purpose: evaluation
     # spec.shoot.region is required
     region: eu-central-1
+    # spec.shoot.platformRegion is required
+    platformRegion: "cd-eu11"
     # spec.shoot.secretBindingName is required
     secretBindingName: "hyperscaler secret"
diff --git a/docs/adr/assets/runtime-examples/aws-minimal.yaml b/docs/adr/assets/runtime-examples/aws-minimal.yaml
index b47214d3..d2aa68b6 100644
--- a/docs/adr/assets/runtime-examples/aws-minimal.yaml
+++ b/docs/adr/assets/runtime-examples/aws-minimal.yaml
@@ -22,6 +22,8 @@ spec:
     purpose: production
     # spec.shoot.region is required
     region: eu-central-1
+    # spec.shoot.platformRegion is required
+    platformRegion: "cd-eu11"
     # spec.shoot.secretBindingName is required
     secretBindingName: "hyperscaler secret"
diff --git a/docs/adr/assets/runtime-examples/aws-trial.yaml b/docs/adr/assets/runtime-examples/aws-trial.yaml
index e1b1858f..e28789b0 100644
--- a/docs/adr/assets/runtime-examples/aws-trial.yaml
+++ b/docs/adr/assets/runtime-examples/aws-trial.yaml
@@ -24,6 +24,8 @@ spec:
     licenceType: "TestDevelopmentAndDemo"
     # spec.shoot.region is required
     region: eu-central-1
+    # spec.shoot.platformRegion is required
+    platformRegion: "cd-eu11"
     # spec.shoot.secretBindingName is required
     secretBindingName: "hyperscaler secret"
diff --git a/docs/adr/assets/runtime-examples/aws.yaml b/docs/adr/assets/runtime-examples/aws.yaml
index ccdf5bbb..79a79b33 100644
--- a/docs/adr/assets/runtime-examples/aws.yaml
+++ b/docs/adr/assets/runtime-examples/aws.yaml
@@ -22,6 +22,8 @@ spec:
     purpose: production
     # spec.shoot.region is required
     region: eu-central-1
+    # spec.shoot.platformRegion is required
+    platformRegion: "cd-eu11"
     # spec.shoot.secretBindingName is required
     secretBindingName: "hyperscaler secret"
diff --git a/docs/adr/assets/runtime-examples/azure-fremium.yaml b/docs/adr/assets/runtime-examples/azure-fremium.yaml
index d4d9b113..bc21cb79 100644
--- a/docs/adr/assets/runtime-examples/azure-fremium.yaml
+++ b/docs/adr/assets/runtime-examples/azure-fremium.yaml
@@ -22,6 +22,8 @@ spec:
     purpose: evaluation
     # spec.shoot.region is required
     region: eu-central-1
+    # spec.shoot.platformRegion is required
+    platformRegion: "cd-us11"
     # spec.shoot.secretBindingName is required
     secretBindingName: "hyperscaler secret"
diff --git a/docs/adr/assets/runtime-examples/azure-lite.yaml b/docs/adr/assets/runtime-examples/azure-lite.yaml
index 3bfe4fe0..ae25d780 100644
--- a/docs/adr/assets/runtime-examples/azure-lite.yaml
+++ b/docs/adr/assets/runtime-examples/azure-lite.yaml
@@ -22,6 +22,8 @@ spec:
     purpose: production
     # spec.shoot.region is required
     region: eastus
+    # spec.shoot.platformRegion is required
+    platformRegion: "cd-us11"
     # spec.shoot.licenceType is optional, default=nil
     licenceType: "TestDevelopmentAndDemo"
     # spec.shoot.secretBindingName is required
diff --git a/docs/adr/assets/runtime-examples/azure.yaml b/docs/adr/assets/runtime-examples/azure.yaml
index 42994300..22805322 100644
--- a/docs/adr/assets/runtime-examples/azure.yaml
+++ b/docs/adr/assets/runtime-examples/azure.yaml
@@ -22,6 +22,8 @@ spec:
     purpose: production
     # spec.shoot.region is required
     region: eastus
+    # spec.shoot.platformRegion is required
+    platformRegion: "cd-us11"
     # spec.shoot.secretBindingName is required
     secretBindingName: "hyperscaler secret"
diff --git a/docs/adr/assets/runtime-examples/gcp.yaml b/docs/adr/assets/runtime-examples/gcp.yaml
index 409ad487..998266fb 100644
--- a/docs/adr/assets/runtime-examples/gcp.yaml
+++ b/docs/adr/assets/runtime-examples/gcp.yaml
@@ -22,6 +22,8 @@ spec:
     purpose: production
     # spec.shoot.region is required
     region: europe-west3
+    # spec.shoot.platformRegion is required
+    platformRegion: "cd-eu11"
     # spec.shoot.secretBindingName is required
     secretBindingName: "hyperscaler secret"
diff --git a/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml b/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
index d1aeb984..2d08e8df 100644
--- a/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
+++ b/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
@@ -22,6 +22,8 @@ spec:
     purpose: production
     # spec.shoot.region is required
     region: eu-de-1
+    # spec.shoot.platformRegion is required
+    platformRegion: "cd-eu11"
     # spec.shoot.secretBindingName is required
     secretBindingName: "hyperscaler secret"

From 7b0765781c6ea1ff21cb07a367d7905895ee5d13 Mon Sep 17 00:00:00 2001
From: Arkadiusz Galwas <>
Date: Thu, 16 May 2024 17:26:48 +0200
Subject: [PATCH 48/49] spec.shoot.provider.zones removed

 docs/adr/                  | 33 +++++++++++--------
 .../assets/runtime-examples/aws-freemium.yaml |  9 +++--
 .../assets/runtime-examples/aws-minimal.yaml  | 13 ++++----
 .../assets/runtime-examples/aws-trial.yaml    |  9 +++--
 docs/adr/assets/runtime-examples/aws.yaml     |  8 +----
 .../runtime-examples/azure-fremium.yaml       |  9 +++--
 .../assets/runtime-examples/azure-lite.yaml   |  9 +++--
 docs/adr/assets/runtime-examples/azure.yaml   | 10 ++----
 docs/adr/assets/runtime-examples/gcp.yaml     | 10 ++----
 .../runtime-examples/sap-converged-cloud.yaml |  8 +----
 10 files changed, 47 insertions(+), 71 deletions(-)

diff --git a/docs/adr/ b/docs/adr/
index 194ca04b..969144bf 100644
--- a/docs/adr/
+++ b/docs/adr/
@@ -53,7 +53,7 @@ Kyma Environment Broker has the following responsibilities:
 ### CR examples
-Mind that the Runtime CR must be labeled to make searching easier. 
+Mind that the Runtime CR must be labeled to make searching for a particular instance easier. 
 The proposed list of labels to be added to the Runtime CR:
 ```yaml instance-id
@@ -85,7 +85,7 @@ spec:
     # spec.shoot.region is required
     region: eu-central-1
     # spec.shoot.platformRegion is required
-    platformRegion: "cd-eu11"
+    platformRegion: "cf-eu11"
     # spec.shoot.secretBindingName is required
     secretBindingName: "hyperscaler secret"
@@ -101,16 +101,16 @@ spec:
       # spec.shoot.provider.type is required
       type: aws
-      # spec.shoot.provider.zones is required
-      zones:
-        - eu-central-1a
-        - eu-central-1b
-        - eu-central-1c
       # spec.shoot.provider.workers is required
         - machine:
           # spec.shoot.workers.machine.type is required
           type: m6i.large
+          # spec.shoot.workers.zones is required
+          zones:
+            - eu-central-1a
+            - eu-central-1b
+            - eu-central-1c
           # spec.shoot.workers.minimum is required
           minimum: 3
           # spec.shoot.workers.maximum is required
@@ -155,6 +155,17 @@ The following example shows the Runtime CR that must be created to provision a c
 kind: Runtime
+  labels:
+ instance-id
+ runtime-id
+ plan-id
+ plan-name
+ global-account-id
+ subAccount-id
+ shoot-name
+ region
+ platform-region
+ kymaName
   name: runtime-id
   namespace: kcp-system
@@ -194,11 +205,6 @@ spec:
       # spec.shoot.provider.type is required
       type: aws
-      # spec.shoot.provider.zones is required
-      zones:
-        - eu-central-1a
-        - eu-central-1b
-        - eu-central-1c
       # spec.shoot.provider.workers is required
         - machine:
@@ -214,7 +220,7 @@ spec:
             type: gp2
             size: 50Gi
-          # spec.shoot.workers.zones is optional
+          # spec.shoot.workers.zones is required
             - eu-central-1a
             - eu-central-1b
@@ -321,7 +327,6 @@ type APIServer struct {
 type Provider struct {
 	Type    string            `json:"type"`
-	Zones   []string          `json:"workers"`
 	Workers []gardener.Worker `json:"workers"`
diff --git a/docs/adr/assets/runtime-examples/aws-freemium.yaml b/docs/adr/assets/runtime-examples/aws-freemium.yaml
index 8fb8741a..86733d7e 100644
--- a/docs/adr/assets/runtime-examples/aws-freemium.yaml
+++ b/docs/adr/assets/runtime-examples/aws-freemium.yaml
@@ -10,7 +10,6 @@ metadata: subAccount-id shoot-name region
- platform-region kymaName
   name: runtime-id
   namespace: kcp-system
@@ -23,7 +22,7 @@ spec:
     # spec.shoot.region is required
     region: eu-central-1
     # spec.shoot.platformRegion is required
-    platformRegion: "cd-eu11"
+    platformRegion: "cf-eu11"
     # spec.shoot.secretBindingName is required
     secretBindingName: "hyperscaler secret"
@@ -44,9 +43,6 @@ spec:
         - machine:
             # spec.shoot.workers.machine.type is required
             type: m5.xlarge
-            # spec.shoot.provider.zones is required
-            zones:
-              - eu-central-1b
             # spec.shoot.workers.machine.image is optional, when not provider default will be used
             # Will be modified by the SRE
@@ -57,6 +53,9 @@ spec:
             type: gp2
             size: 50Gi
+          # spec.shoot.worker.zones is required
+          zones:
+            - eu-central-1b
           # is optional, if not provided default will be used
           name: cpu-worker-0
           # spec.shoot.workers.minimum is required
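Review bot: The added comment spells the path `spec.shoot.worker.zones`, while every neighbouring comment and the other examples use `spec.shoot.workers.zones`. Change it to `# spec.shoot.workers.zones is required` so a search for the field path finds it. The azure-fremium.yaml hunk of this commit has the same spelling.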
diff --git a/docs/adr/assets/runtime-examples/aws-minimal.yaml b/docs/adr/assets/runtime-examples/aws-minimal.yaml
index d2aa68b6..10e4958c 100644
--- a/docs/adr/assets/runtime-examples/aws-minimal.yaml
+++ b/docs/adr/assets/runtime-examples/aws-minimal.yaml
@@ -10,7 +10,6 @@ metadata: subAccount-id shoot-name region
- platform-region kymaName
   name: runtime-id
   namespace: kcp-system
@@ -23,7 +22,7 @@ spec:
     # spec.shoot.region is required
     region: eu-central-1
     # spec.shoot.platformRegion is required
-    platformRegion: "cd-eu11"
+    platformRegion: "cf-eu11"
     # spec.shoot.secretBindingName is required
     secretBindingName: "hyperscaler secret"
@@ -39,16 +38,16 @@ spec:
       # spec.shoot.provider.type is required
       type: aws
-      # spec.shoot.provider.zones is required
-      zones:
-        - eu-central-1a
-        - eu-central-1b
-        - eu-central-1c
       # spec.shoot.provider.workers is required
         - machine:
           # spec.shoot.workers.machine.type is required
           type: m6i.large
+          # spec.shoot.workers.zones is required
+          zones:
+            - eu-central-1a
+            - eu-central-1b
+            - eu-central-1c
           # spec.shoot.workers.minimum is required
           minimum: 3
           # spec.shoot.workers.maximum is required
diff --git a/docs/adr/assets/runtime-examples/aws-trial.yaml b/docs/adr/assets/runtime-examples/aws-trial.yaml
index e28789b0..15df3583 100644
--- a/docs/adr/assets/runtime-examples/aws-trial.yaml
+++ b/docs/adr/assets/runtime-examples/aws-trial.yaml
@@ -10,7 +10,6 @@ metadata: subAccount-id shoot-name region
- platform-region kymaName
   name: runtime-id
   namespace: kcp-system
@@ -25,7 +24,7 @@ spec:
     # spec.shoot.region is required
     region: eu-central-1
     # spec.shoot.platformRegion is required
-    platformRegion: "cd-eu11"
+    platformRegion: "cf-eu11"
     # spec.shoot.secretBindingName is required
     secretBindingName: "hyperscaler secret"
@@ -41,14 +40,14 @@ spec:
       # spec.shoot.provider.type is required
       type: aws
-      # spec.shoot.provider.zones is required
-      zones:
-        - eu-central-1b
       # spec.shoot.provider.workers is required
         - machine:
             # spec.shoot.workers.machine.type is required
             type: mx5.large
+          # spec.shoot.workers.zones is required
+          zones:
+            - eu-central-1b
           # spec.shoot.workers.minimum is required
           minimum: 1
           # spec.shoot.workers.maximum is required
diff --git a/docs/adr/assets/runtime-examples/aws.yaml b/docs/adr/assets/runtime-examples/aws.yaml
index 79a79b33..4bf62426 100644
--- a/docs/adr/assets/runtime-examples/aws.yaml
+++ b/docs/adr/assets/runtime-examples/aws.yaml
@@ -10,7 +10,6 @@ metadata: subAccount-id shoot-name region
- platform-region kymaName
   name: runtime-id
   namespace: kcp-system
@@ -51,11 +50,6 @@ spec:
       # spec.shoot.provider.type is required
       type: aws
-      # spec.shoot.provider.zones is required
-      zones:
-        - eu-central-1a
-        - eu-central-1b
-        - eu-central-1c
       # spec.shoot.provider.workers is required
         - machine:
@@ -71,7 +65,7 @@ spec:
             type: gp2
             size: 50Gi
-          # spec.shoot.workers.zones is optional
+          # spec.shoot.workers.zones is required
             - eu-central-1a
             - eu-central-1b
diff --git a/docs/adr/assets/runtime-examples/azure-fremium.yaml b/docs/adr/assets/runtime-examples/azure-fremium.yaml
index bc21cb79..8cce96d7 100644
--- a/docs/adr/assets/runtime-examples/azure-fremium.yaml
+++ b/docs/adr/assets/runtime-examples/azure-fremium.yaml
@@ -10,7 +10,6 @@ metadata: subAccount-id shoot-name region
- platform-region kymaName
   name: runtime-id
   namespace: kcp-system
@@ -23,7 +22,7 @@ spec:
     # spec.shoot.region is required
     region: eu-central-1
     # spec.shoot.platformRegion is required
-    platformRegion: "cd-us11"
+    platformRegion: "cf-us10"
     # spec.shoot.secretBindingName is required
     secretBindingName: "hyperscaler secret"
@@ -39,14 +38,14 @@ spec:
       # spec.shoot.provider.type is required
       type: azure
-      # spec.shoot.provider.zones is required
-      zones:
-        - eu-central-1a
       # spec.shoot.provider.workers is required
         - machine:
           # spec.shoot.workers.machine.type is required
           type: mx5.large
+          # spec.shoot.worker.zones is required
+          zones:
+            - eu-central-1a
           # spec.shoot.workers.minimum is required
           minimum: 1
           # spec.shoot.workers.maximum is required
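Review bot: The comment added above the moved `zones` list reads `# spec.shoot.worker.zones is required`, with a singular `worker`, while the neighbouring comments in this hunk and the aws.yaml, azure.yaml and gcp.yaml examples all use `spec.shoot.workers...`. The same slip is in the azure-lite.yaml hunk at `@@ -60,6 +56,9 @@`. I would make both read `# spec.shoot.workers.zones is required` so that a search for the field path finds every example. The list appears to sit under `provider.workers`, judging by the context comment `# spec.shoot.provider.workers is required`, so the full path may be worth spelling out, but the worker entry starts and ends outside this hunk and I cannot confirm the nesting from here.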
diff --git a/docs/adr/assets/runtime-examples/azure-lite.yaml b/docs/adr/assets/runtime-examples/azure-lite.yaml
index ae25d780..e85b574e 100644
--- a/docs/adr/assets/runtime-examples/azure-lite.yaml
+++ b/docs/adr/assets/runtime-examples/azure-lite.yaml
@@ -10,7 +10,6 @@ metadata: subAccount-id shoot-name region
- platform-region kymaName
   name: runtime-id
   namespace: kcp-system
@@ -23,7 +22,7 @@ spec:
     # spec.shoot.region is required
     region: eastus
     # spec.shoot.platformRegion is required
-    platformRegion: "cd-us11"
+    platformRegion: "cf-us10"
     # spec.shoot.licenceType is optional, default=nil
     licenceType: "TestDevelopmentAndDemo"
     # spec.shoot.secretBindingName is required
@@ -42,9 +41,6 @@ spec:
       # spec.shoot.provider.type is required
       type: azure
-      # spec.shoot.provider.zones is required
-      zones:
-        - eastus1
       # spec.shoot.provider.workers is required
         - machine:
@@ -60,6 +56,9 @@ spec:
             type: Standard_LRS
             size: 50Gi
+          # spec.shoot.worker.zones is required
+          zones:
+            - eastus1
           # is optional, if not provided default will be used
           name: cpu-worker-0
           # spec.shoot.workers.minimum is required
diff --git a/docs/adr/assets/runtime-examples/azure.yaml b/docs/adr/assets/runtime-examples/azure.yaml
index 22805322..73a91cbc 100644
--- a/docs/adr/assets/runtime-examples/azure.yaml
+++ b/docs/adr/assets/runtime-examples/azure.yaml
@@ -10,7 +10,6 @@ metadata: subAccount-id shoot-name region
- platform-region kymaName
   name: runtime-id
   namespace: kcp-system
@@ -23,7 +22,7 @@ spec:
     # spec.shoot.region is required
     region: eastus
     # spec.shoot.platformRegion is required
-    platformRegion: "cd-us11"
+    platformRegion: "cf-us10"
     # spec.shoot.secretBindingName is required
     secretBindingName: "hyperscaler secret"
@@ -51,11 +50,6 @@ spec:
       # spec.shoot.provider.type is required
       type: azure
-      # spec.shoot.provider.zones is required
-      zones:
-        - eastus1
-        - eastus2
-        - eastus3
       # spec.shoot.provider.workers is required
         - machine:
@@ -71,7 +65,7 @@ spec:
             type: Standard_LRS
             size: 50Gi
-          # spec.shoot.workers.zones is optional
+          # spec.shoot.workers.zones is required
             - eastus1
             - eastus2
diff --git a/docs/adr/assets/runtime-examples/gcp.yaml b/docs/adr/assets/runtime-examples/gcp.yaml
index 998266fb..0d114a25 100644
--- a/docs/adr/assets/runtime-examples/gcp.yaml
+++ b/docs/adr/assets/runtime-examples/gcp.yaml
@@ -10,7 +10,6 @@ metadata: subAccount-id shoot-name region
- platform-region kymaName
   name: runtime-id
   namespace: kcp-system
@@ -23,7 +22,7 @@ spec:
     # spec.shoot.region is required
     region: europe-west3
     # spec.shoot.platformRegion is required
-    platformRegion: "cd-eu11"
+    platformRegion: "cf-eu11"
     # spec.shoot.secretBindingName is required
     secretBindingName: "hyperscaler secret"
@@ -51,11 +50,6 @@ spec:
       # spec.shoot.provider.type is required
       type: gcp
-      # spec.shoot.provider.zones is required
-      zones:
-        - europe-west3a
-        - europe-west3b
-        - europe-west3c
       # spec.shoot.provider.workers is required
         - machine:
@@ -71,7 +65,7 @@ spec:
             type: pd-standard
             size: 50Gi
-          # spec.shoot.workers.zones is optional
+          # spec.shoot.workers.zones is required
             - europe-west3a
             - europe-west3b
diff --git a/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml b/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
index 2d08e8df..fbaec4ee 100644
--- a/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
+++ b/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
@@ -10,7 +10,6 @@ metadata: subAccount-id shoot-name region
- platform-region kymaName
   name: runtime-id
   namespace: kcp-system
@@ -23,7 +22,7 @@ spec:
     # spec.shoot.region is required
     region: eu-de-1
     # spec.shoot.platformRegion is required
-    platformRegion: "cd-eu11"
+    platformRegion: "cf-eu11"
     # spec.shoot.secretBindingName is required
     secretBindingName: "hyperscaler secret"
@@ -51,11 +50,6 @@ spec:
       # spec.shoot.provider.type is required
       type: openstack
-      # spec.shoot.workers.zones is required
-      zones:
-        - eu-de-1a
-        - eu-de-1b
-        - eu-de-1d
       # spec.shoot.provider.workers is required
         - machine:

From 53aa78b237cfff54a1e184ed3ac459c4ddf3fd0d Mon Sep 17 00:00:00 2001
From: Arkadiusz Galwas <>
Date: Fri, 17 May 2024 07:01:33 +0200
Subject: [PATCH 49/49] Add spec.shoot.enforceSeedLocation property added

 docs/adr/                  | 39 ++++++++-----------
 docs/adr/assets/runtime-examples/aws.yaml     |  2 +
 docs/adr/assets/runtime-examples/azure.yaml   |  2 +
 docs/adr/assets/runtime-examples/gcp.yaml     |  2 +
 .../runtime-examples/sap-converged-cloud.yaml |  2 +
 5 files changed, 24 insertions(+), 23 deletions(-)

diff --git a/docs/adr/ b/docs/adr/
index 969144bf..4639121b 100644
--- a/docs/adr/
+++ b/docs/adr/
@@ -143,11 +143,12 @@ spec:
 There are some additional optional fields that could be specified:
-- `spec.shoot.licenceType` ; if not provided `nil` value will be used 
+- `spec.shoot.enforceSeedLocation` ; if not provided `false` value will be used
+- `spec.shoot.licenceType` ; if not provided `nil` value will be used
 - `spec.shoot.kubernetes.version` ; if not provided, the default value will be read by the KIM from the configuration
 - `spec.shoot.kubernetes.kubeAPIServer.additionalOidcConfig` ; if not provided, no additional OIDC provider will be configured
+- `` ; if not provided, a Gardener default will be used
 - `spec.shoot.workers.machine.image` ; if not provided, the default value will be read by the KIM from the configuration
-- `` ; if not provided, a hardcoded name will be used
 - `` ; if not provided, the `false` value will be used
 The following example shows the Runtime CR that must be created to provision a cluster with an additional OIDC provider and to enable ingress network filtering:
@@ -155,17 +156,6 @@ The following example shows the Runtime CR that must be created to provision a c
 kind: Runtime
-  labels:
- instance-id
- runtime-id
- plan-id
- plan-name
- global-account-id
- subAccount-id
- shoot-name
- region
- platform-region
- kymaName
   name: runtime-id
   namespace: kcp-system
@@ -180,6 +170,8 @@ spec:
     platformRegion: "cd-eu11"
     # spec.shoot.secretBindingName is required
     secretBindingName: "hyperscaler secret"
+    # spec.shoot.enforceSeedLocation is optional ; it allows to make sure the seed cluster will be located in the same region as the shoot cluster
+    enforceSeedLocation: "true"
       # spec.shoot.kubernetes.version is optional, when not provided default will be used
       # Will be modified by the SRE
@@ -303,16 +295,17 @@ type RuntimeStatus struct {
 type RuntimeShoot struct {
-	Name              string                `json:"name"`
-	Purpose           gardener.ShootPurpose `json:"purpose"`
-	PlatformRegion    string                `json:"platformRegion"` 
-	Region            string                `json:"region"`
-	LicenceType       *string               `json:"licenceType,omitempty"`
-	SecretBindingName string                `json:"secretBindingName"`
-	Kubernetes        Kubernetes            `json:"kubernetes"`
-	Provider          Provider              `json:"provider"`
-	Networking        Networking            `json:"networking"`
-	ControlPlane      gardener.ControlPlane `json:"controlPlane"`
+	Name                string                `json:"name"`
+	Purpose             gardener.ShootPurpose `json:"purpose"`
+	PlatformRegion      string                `json:"platformRegion"` 
+	Region              string                `json:"region"`
+	LicenceType         *string               `json:"licenceType,omitempty"`
+	SecretBindingName   string                `json:"secretBindingName"`
+	EnforceSeedLocation *bool                 `json:"enforceSeedLocation,omitempty"`
+	Kubernetes          Kubernetes            `json:"kubernetes"`
+	Provider            Provider              `json:"provider"`
+	Networking          Networking            `json:"networking"`
+	ControlPlane        gardener.ControlPlane `json:"controlPlane"`
 type Kubernetes struct {
diff --git a/docs/adr/assets/runtime-examples/aws.yaml b/docs/adr/assets/runtime-examples/aws.yaml
index 4bf62426..9761e722 100644
--- a/docs/adr/assets/runtime-examples/aws.yaml
+++ b/docs/adr/assets/runtime-examples/aws.yaml
@@ -25,6 +25,8 @@ spec:
     platformRegion: "cd-eu11"
     # spec.shoot.secretBindingName is required
     secretBindingName: "hyperscaler secret"
+    # spec.shoot.enforceSeedLocation is optional ; it allows to make sure the seed cluster will be located in the same region as the runtime
+    enforceSeedLocation: "true"
       # spec.shoot.kubernetes.version is optional, when not provided default will be used
       # Will be modified by the SRE
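Review bot: The added `enforceSeedLocation: "true"` is a quoted YAML string, but the `RuntimeShoot` struct in the ADR hunk of this same patch declares the field as `*bool` with `json:"enforceSeedLocation,omitempty"`. If the CRD schema is generated from that struct, a string value would presumably be rejected at admission or fail to decode, so the sample should read `enforceSeedLocation: true`. The same quoted value is added in the ADR example at `@@ -180,6 +170,8 @@` and in the azure.yaml, gcp.yaml and sap-converged-cloud.yaml hunks. This matters more than a cosmetic typo because the flag constrains where the seed is placed: a copied sample that fails would likely lead users to drop the field and silently fall back to the documented default of `false`. The comments also disagree on wording ("same region as the shoot cluster" in the ADR, "as the runtime" in the examples), and one phrase should be used throughout.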
diff --git a/docs/adr/assets/runtime-examples/azure.yaml b/docs/adr/assets/runtime-examples/azure.yaml
index 73a91cbc..e1267448 100644
--- a/docs/adr/assets/runtime-examples/azure.yaml
+++ b/docs/adr/assets/runtime-examples/azure.yaml
@@ -25,6 +25,8 @@ spec:
     platformRegion: "cf-us10"
     # spec.shoot.secretBindingName is required
     secretBindingName: "hyperscaler secret"
+    # spec.shoot.enforceSeedLocation is optional ; it allows to make sure the seed cluster will be located in the same region as the runtime
+    enforceSeedLocation: "true"
       # spec.shoot.kubernetes.version is optional, when not provided default will be used
       version: "1.28.7"
diff --git a/docs/adr/assets/runtime-examples/gcp.yaml b/docs/adr/assets/runtime-examples/gcp.yaml
index 0d114a25..48b2db7f 100644
--- a/docs/adr/assets/runtime-examples/gcp.yaml
+++ b/docs/adr/assets/runtime-examples/gcp.yaml
@@ -25,6 +25,8 @@ spec:
     platformRegion: "cf-eu11"
     # spec.shoot.secretBindingName is required
     secretBindingName: "hyperscaler secret"
+    # spec.shoot.enforceSeedLocation is optional ; it allows to make sure the seed cluster will be located in the same region as the runtime
+    enforceSeedLocation: "true"
       # spec.shoot.kubernetes.version is optional, when not provided default will be used
       version: "1.28.7"
diff --git a/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml b/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
index fbaec4ee..9a61e7c2 100644
--- a/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
+++ b/docs/adr/assets/runtime-examples/sap-converged-cloud.yaml
@@ -25,6 +25,8 @@ spec:
     platformRegion: "cf-eu11"
     # spec.shoot.secretBindingName is required
     secretBindingName: "hyperscaler secret"
+    # spec.shoot.enforceSeedLocation is optional ; it allows to make sure the seed cluster will be located in the same region as the runtime
+    enforceSeedLocation: "true"
       # spec.shoot.kubernetes.version is optional, when not provided default will be used
       version: "1.28.7"