cilium-agent hive

Inspect the hive

cilium-agent hive [flags]


      --agent-liveness-update-interval duration                   Interval at which the agent updates liveness time for the datapath (default 1s)
      --certificates-directory string                             Root directory to find certificates specified in L7 TLS policy enforcement (default "/var/run/cilium/certs")
      --clustermesh-config string                                 Path to the ClusterMesh configuration directory
      --clustermesh-ip-identities-sync-timeout duration           Timeout waiting for the initial synchronization of IPs and identities from remote clusters before local endpoints regeneration (default 1m0s)
      --cni-chaining-mode string                                  Enable CNI chaining with the specified plugin (default "none")
      --cni-chaining-target string                                CNI network name into which to insert the Cilium chained configuration. Use '*' to select any network.
      --cni-exclusive                                             Whether to remove other CNI configurations
      --cni-log-file string                                       Path where the CNI plugin should write logs (default "/var/run/cilium/cilium-cni.log")
      --egress-gateway-policy-map-max int                         Maximum number of entries in egress gateway policy map (default 16384)
      --egress-gateway-reconciliation-trigger-interval duration   Time between triggers of egress gateway state reconciliations (default 1s)
      --enable-cilium-api-server-access strings                   List of cilium API APIs which are administratively enabled. Supports '*'. (default [*])
      --enable-cilium-health-api-server-access strings            List of cilium health API APIs which are administratively enabled. Supports '*'. (default [*])
      --enable-k8s                                                Enable the k8s clientset (default true)
      --enable-k8s-api-discovery                                  Enable discovery of Kubernetes API groups and resources with the discovery API
      --enable-l2-pod-announcements                               Enable announcing Pod IPs with Gratuitous ARP
      --enable-monitor                                            Enable the monitor unix domain socket server (default true)
      --gops-port uint16                                          Port for gops server to listen on (default 9890)
  -h, --help                                                      help for hive
      --install-egress-gateway-routes                             Install egress gateway IP rules and routes in order to properly steer egress gateway traffic to the correct ENI interface
      --k8s-api-server string                                     Kubernetes API server URL
      --k8s-client-burst int                                      Burst value allowed for the K8s client
      --k8s-client-qps float32                                    Queries per second limit for the K8s client
      --k8s-heartbeat-timeout duration                            Configures the timeout for api-server heartbeat, set to 0 to disable (default 30s)
      --k8s-kubeconfig-path string                                Absolute path of the kubernetes kubeconfig file
      --l2-pod-announcements-interface string                     Interface used for sending gratuitous arp messages
      --mesh-auth-enabled                                         Enable authentication processing & garbage collection (beta) (default true)
      --mesh-auth-gc-interval duration                            Interval in which auth entries are attempted to be garbage collected (default 5m0s)
      --mesh-auth-mutual-listener-port int                        Port on which the Cilium Agent will perform mutual authentication handshakes between other Agents
      --mesh-auth-queue-size int                                  Queue size for the auth manager (default 1024)
      --mesh-auth-rotated-identities-queue-size int               The size of the queue for signaling rotated identities. (default 1024)
      --mesh-auth-spiffe-trust-domain string                      The trust domain for the SPIFFE identity. (default "spiffe.cilium")
      --mesh-auth-spire-admin-socket string                       The path for the SPIRE admin agent Unix socket.
      --metrics strings                                           Metrics that should be enabled or disabled from the default metric list. (+metric_foo to enable metric_foo, -metric_bar to disable metric_bar)
      --monitor-queue-size int                                    Size of the event queue when reading monitor events
      --pprof                                                     Enable serving pprof debugging API
      --pprof-address string                                      Address that pprof listens on (default "localhost")
      --pprof-port uint16                                         Port that pprof listens on (default 6060)
      --prometheus-serve-addr string                              IP:Port on which to serve prometheus metrics (pass ":Port" to bind on all interfaces, "" is off) (default ":9962")
      --read-cni-conf string                                      CNI configuration file to use as a source for --write-cni-conf-when-ready. If not supplied, a suitable one will be generated.
      --write-cni-conf-when-ready string                          Write the CNI configuration to the specified path when agent is ready