cilium-dbg preflight migrate-identity
Migrate KVStore-backed identities to kubernetes CRD-backed identities
Synopsis
migrate-identity allows migrating to CRD-backed identities while minimizing connection interruptions. It will allocate a CRD-backed identity, with the same numeric security identity, for each cilium security identity defined in the kvstore. When cilium-agents are restarted with identity-allocation-mode set to CRD the numeric identities will then be equivalent between new instances and not-upgraded ones. In cases where the numeric identity is already in-use by a different set of labels, a new numeric identity is created.
cilium-dbg preflight migrate-identity [flags]
Options
--enable-k8s Enable the k8s clientset (default true)
--enable-k8s-api-discovery Enable discovery of Kubernetes API groups and resources with the discovery API
-h, --help help for migrate-identity
--k8s-api-server string Kubernetes API server URL
--k8s-client-burst int Burst value allowed for the K8s client (default 20)
--k8s-client-connection-keep-alive duration Configures the keep alive duration of K8s client connections. K8 client is disabled if the value is set to 0 (default 30s)
--k8s-client-connection-timeout duration Configures the timeout of K8s client connections. K8s client is disabled if the value is set to 0 (default 30s)
--k8s-client-qps float32 Queries per second limit for the K8s client (default 10)
--k8s-heartbeat-timeout duration Configures the timeout for api-server heartbeat, set to 0 to disable (default 30s)
--k8s-kubeconfig-path string Absolute path of the kubernetes kubeconfig file
--kvstore string Key-value store type
--kvstore-opt map Key-value store options e.g. etcd.address=127.0.0.1:4001
Options inherited from parent commands
--config string Config file (default is $HOME/.cilium.yaml)
-D, --debug Enable debug messages
-H, --host string URI to server-side API
SEE ALSO
cilium-dbg preflight - Cilium upgrade helper