cilium preflight migrate-identity

Migrate KVStore-backed identities to Kubernetes CRD-backed identities


migrate-identity migrates KVStore-backed identities to CRD-backed identities while minimizing connection interruptions. For each Cilium security identity defined in the kvstore, it allocates a CRD-backed identity with the same numeric security identity. When cilium-agents are restarted with identity-allocation-mode set to CRD, the numeric identities will then be equivalent between new instances and not-upgraded ones. In cases where the numeric identity is already in use by a different set of labels, a new numeric identity is created.
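The allocation rule described above, as an added Go model that is not Cilium's own code: it returns the resulting CRD-backed identities and the identities that could not keep their numeric ID, which are the ones that will not match between new and not-upgraded agents. The names `Migrate` and `Remap`, the label strings, the starting ID 256 and the lowest-free-ID selection are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sort"
)

// Remap records a kvstore identity that could not keep its numeric ID.
type Remap struct {
	Labels   string
	Old, New int
}

// Migrate models the documented behaviour: every kvstore identity gets a CRD
// identity with the same numeric ID, unless that ID is already used in the CRD
// store by a different label set, in which case a new numeric ID is created.
// Assumption: the new ID is the lowest one from minID upward that is unused in
// both stores; the page does not describe how the real allocator picks it.
func Migrate(kv, crd map[int]string, minID int) (map[int]string, []Remap) {
	out := make(map[int]string, len(kv)+len(crd))
	for id, labels := range crd {
		out[id] = labels
	}
	ids := make([]int, 0, len(kv))
	for id := range kv {
		ids = append(ids, id)
	}
	sort.Ints(ids) // deterministic processing order
	var remaps []Remap
	for _, id := range ids {
		existing, taken := out[id]
		if !taken {
			out[id] = kv[id] // same numeric identity in both backends
		} else if existing != kv[id] {
			n := minID
			for used := true; used; {
				_, inCRD := out[n]
				_, inKV := kv[n]
				if used = inCRD || inKV; used {
					n++
				}
			}
			out[n] = kv[id]
			remaps = append(remaps, Remap{kv[id], id, n})
		}
	}
	return out, remaps
}

func main() {
	// Constructed sample data, not taken from a real cluster.
	kv := map[int]string{1001: "k8s:app=frontend", 1002: "k8s:app=backend", 1003: "k8s:app=db"}
	crd := map[int]string{1002: "k8s:app=cache", 1003: "k8s:app=db"}
	_, remaps := Migrate(kv, crd, 256)
	fmt.Printf("remapped identities: %+v\n", remaps)
}
```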

cilium preflight migrate-identity [flags]

Options

  -h, --help                         help for migrate-identity
      --k8s-api-server string        Kubernetes api address server (for https use --k8s-kubeconfig-path instead)
      --k8s-kubeconfig-path string   Absolute path of the kubernetes kubeconfig file
      --kvstore string               Key-value store type
      --kvstore-opt map              Key-value store options e.g. etcd.address=

Options inherited from parent commands

      --config string   config file (default is $HOME/.cilium.yaml)
  -D, --debug           Enable debug messages
  -H, --host string     URI to server-side API