cilium-agent hive dot-graph

Output the dependencies graph in graphviz dot format

cilium-agent hive dot-graph [flags]

Options

  -h, --help   help for dot-graph

Options inherited from parent commands

      --agent-liveness-update-interval duration                   Interval at which the agent updates liveness time for the datapath (default 1s)
      --api-rate-limit stringToString                             API rate limiting configuration (example: --api-rate-limit endpoint-create=rate-limit:10/m,rate-burst:2) (default [])
      --certificates-directory string                             Root directory to find certificates specified in L7 TLS policy enforcement (default "/var/run/cilium/certs")
      --cluster-id uint32                                         Unique identifier of the cluster
      --cluster-name string                                       Name of the cluster (default "default")
      --clustermesh-config string                                 Path to the ClusterMesh configuration directory
      --clustermesh-ip-identities-sync-timeout duration           Timeout waiting for the initial synchronization of IPs and identities from remote clusters before local endpoints regeneration (default 1m0s)
      --cni-chaining-mode string                                  Enable CNI chaining with the specified plugin (default "none")
      --cni-chaining-target string                                CNI network name into which to insert the Cilium chained configuration. Use '*' to select any network.
      --cni-exclusive                                             Whether to remove other CNI configurations
      --cni-external-routing                                      Whether the chained CNI plugin handles routing on the node
      --cni-log-file string                                       Path where the CNI plugin should write logs (default "/var/run/cilium/cilium-cni.log")
      --controller-group-metrics strings                          List of controller group names for which to to enable metrics. Accepts 'all' and 'none'. The set of controller group names available is not guaranteed to be stable between Cilium versions.
      --disable-iptables-feeder-rules strings                     Chains to ignore when installing feeder rules.
      --egress-gateway-policy-map-max int                         Maximum number of entries in egress gateway policy map (default 16384)
      --egress-gateway-reconciliation-trigger-interval duration   Time between triggers of egress gateway state reconciliations (default 1s)
      --enable-bandwidth-manager                                  Enable BPF bandwidth manager
      --enable-bbr                                                Enable BBR for the bandwidth manager
      --enable-cilium-api-server-access strings                   List of cilium API APIs which are administratively enabled. Supports '*'. (default [*])
      --enable-cilium-health-api-server-access strings            List of cilium health API APIs which are administratively enabled. Supports '*'. (default [*])
      --enable-gateway-api                                        Enables Envoy secret sync for Gateway API related TLS secrets
      --enable-ingress-controller                                 Enables Envoy secret sync for Ingress controller related TLS secrets
      --enable-ipv4-big-tcp                                       Enable IPv4 BIG TCP option which increases device's maximum GRO/GSO limits for IPv4
      --enable-ipv6-big-tcp                                       Enable IPv6 BIG TCP option which increases device's maximum GRO/GSO limits for IPv6
      --enable-k8s                                                Enable the k8s clientset (default true)
      --enable-k8s-api-discovery                                  Enable discovery of Kubernetes API groups and resources with the discovery API
      --enable-k8s-endpoint-slice                                 Enables k8s EndpointSlice feature in Cilium if the k8s cluster supports it (default true)
      --enable-l2-pod-announcements                               Enable announcing Pod IPs with Gratuitous ARP
      --enable-monitor                                            Enable the monitor unix domain socket server (default true)
      --enable-service-topology                                   Enable support for service topology aware hints
      --endpoint-bpf-prog-watchdog-interval duration              Interval to trigger endpoint BPF programs load check watchdog (default 30s)
      --envoy-secrets-namespace string                            EnvoySecretsNamespace is the namespace having secrets used by CEC
      --gateway-api-secrets-namespace string                      GatewayAPISecretsNamespace is the namespace having tls secrets used by CEC, originating from Gateway API
      --gops-port uint16                                          Port for gops server to listen on (default 9890)
      --ingress-secrets-namespace string                          IngressSecretsNamespace is the namespace having tls secrets used by CEC, originating from Ingress controller
      --iptables-lock-timeout duration                            Time to pass to each iptables invocation to wait for xtables lock acquisition (default 5s)
      --iptables-random-fully                                     Set iptables flag random-fully on masquerading rules
      --k8s-api-server string                                     Kubernetes API server URL
      --k8s-client-burst int                                      Burst value allowed for the K8s client
      --k8s-client-qps float32                                    Queries per second limit for the K8s client
      --k8s-heartbeat-timeout duration                            Configures the timeout for api-server heartbeat, set to 0 to disable (default 30s)
      --k8s-kubeconfig-path string                                Absolute path of the kubernetes kubeconfig file
      --k8s-service-proxy-name string                             Value of K8s service-proxy-name label for which Cilium handles the services (empty = all services without service.kubernetes.io/service-proxy-name label)
      --l2-pod-announcements-interface string                     Interface used for sending gratuitous arp messages
      --max-connected-clusters uint32                             Maximum number of clusters to be connected in a clustermesh. Increasing this value will reduce the maximum number of identities available. Valid configurations are [255, 511]. (default 255)
      --mesh-auth-enabled                                         Enable authentication processing & garbage collection (beta) (default true)
      --mesh-auth-gc-interval duration                            Interval in which auth entries are attempted to be garbage collected (default 5m0s)
      --mesh-auth-mutual-connect-timeout duration                 Timeout for connecting to the remote node TCP socket (default 5s)
      --mesh-auth-mutual-listener-port int                        Port on which the Cilium Agent will perform mutual authentication handshakes between other Agents
      --mesh-auth-queue-size int                                  Queue size for the auth manager (default 1024)
      --mesh-auth-rotated-identities-queue-size int               The size of the queue for signaling rotated identities. (default 1024)
      --mesh-auth-spiffe-trust-domain string                      The trust domain for the SPIFFE identity. (default "spiffe.cilium")
      --mesh-auth-spire-admin-socket string                       The path for the SPIRE admin agent Unix socket.
      --metrics strings                                           Metrics that should be enabled or disabled from the default metric list. (+metric_foo to enable metric_foo, -metric_bar to disable metric_bar)
      --monitor-queue-size int                                    Size of the event queue when reading monitor events
      --nodeport-addresses strings                                A whitelist of CIDRs to limit which IPs are used for NodePort. If not set, primary IPv4 and/or IPv6 address of each native device is used.
      --pprof                                                     Enable serving pprof debugging API
      --pprof-address string                                      Address that pprof listens on (default "localhost")
      --pprof-port uint16                                         Port that pprof listens on (default 6060)
      --prepend-iptables-chains                                   Prepend custom iptables chains instead of appending (default true)
      --procfs string                                             Path to the host's proc filesystem mount (default "/proc")
      --prometheus-serve-addr string                              IP:Port on which to serve prometheus metrics (pass ":Port" to bind on all interfaces, "" is off) (default ":9962")
      --read-cni-conf string                                      CNI configuration file to use as a source for --write-cni-conf-when-ready. If not supplied, a suitable one will be generated.
      --tunnel-port uint16                                        Tunnel port (default 8472 for "vxlan" and 6081 for "geneve")
      --tunnel-protocol string                                    Encapsulation protocol to use for the overlay ("vxlan" or "geneve") (default "vxlan")
      --write-cni-conf-when-ready string                          Write the CNI configuration to the specified path when agent is ready

SEE ALSO