Key-Value Store

Option Description Default
–kvstore TYPE Key Value Store Type: (consul, etcd)  
–kvstore-opt OPTS    

consul

When using consul, the consul agent address needs to be provided with the consul.address: consul.tlsconfig is optional, and is only required for TLS authentication:

Option Type Description
consul.address Address Address of consul agent
consul.tlsconfig Path Path to a consul configuration file for client server authentication

Example of the consul configuration file:

---
cafile: '/var/lib/cilium/consul-ca.pem'
keyfile: '/var/lib/cilium/client-key.pem'
certfile: '/var/lib/cilium/client.pem'
#insecureskipverify: true

etcd

When using etcd, one of the following options need to be provided to configure the etcd endpoints:

Option Type Description
etcd.address Address Address of etcd endpoint
etcd.operator Boolean When set to true, Cilium will resolve the domain name of the etcd server from the associated k8s service deployed.
etcd.config Path Path to an etcd configuration file.

Example of the etcd configuration file:

---
endpoints:
- https://192.168.0.1:2379
- https://192.168.0.2:2379
trusted-ca-file: '/var/lib/cilium/etcd-ca.pem'
# In case you want client to server authentication
key-file: '/var/lib/cilium/etcd-client.key'
cert-file: '/var/lib/cilium/etcd-client.crt'