Configuration

Your Cilium installation is configured by one or more Helm values - see Helm Reference. These helm values are converted to arguments for the individual components of a Cilium installation, such as cilium-agent and cilium-operator, and stored in a ConfigMap.

cilium-config ConfigMap

These arguments are stored in a shared ConfigMap called cilium-config (albeit without the leading --). For example, a typical installation may look like

$ kubectl -n kube-system get configmap cilium-config -o yaml
data:
  agent-not-ready-taint-key: node.cilium.io/agent-not-ready
  arping-refresh-period: 30s
  auto-direct-node-routes: "false"
  (output continues)

Making Changes

You may change the configuration of a running installation in three ways:

1. Via helm upgrade

   Do so by providing new values to Helm and applying them to the existing installation. By setting the value rollOutCiliumPods=true, the agent pods will be gradually restarted.

2. Via cilium config set

   The Cilium CLI has the ability to update individual values in the cilium-config ConfigMap. This will not affect running pods; pods must be deleted manually to pick up any changes.

3. Via CiliumNodeConfig objects

   Cilium also supports configuration on sets of nodes. See the Per-node configuration page for more details. Likewise, this also requires that pods be manually deleted for changes to take effect.

Core Agent

• API Rate Limiting
• Administrative API Enablement
• Per-node configuration
• SCTP support (beta)
• VLAN 802.1q support
• Troubleshooting Cilium deployed with Argo CD

Security

• Verifying Image Signatures
• Software Bill of Materials