Key-Value Store

OptionDescriptionDefault
–kvstore TYPEKey Value Store Type: (consul, etcd) 
–kvstore-opt OPTS  

consul

When using consul, the consul agent address needs to be provided with the consul.address: consul.tlsconfig is optional, and is only required for TLS authentication:

OptionTypeDescription
consul.addressAddressAddress of consul agent
consul.tlsconfigPathPath to a consul configuration file for client server authentication

Example of the consul configuration file:

  1. ---
  2. cafile: '/var/lib/cilium/consul-ca.pem'
  3. keyfile: '/var/lib/cilium/client-key.pem'
  4. certfile: '/var/lib/cilium/client.pem'
  5. #insecureskipverify: true

etcd

When using etcd, one of the following options need to be provided to configure the etcd endpoints:

OptionTypeDescription
etcd.addressAddressAddress of etcd endpoint
etcd.operatorBooleanWhen set to true, Cilium will resolve the domain name of the etcd server from the associated k8s service deployed.
etcd.configPathPath to an etcd configuration file.

Example of the etcd configuration file:

  1. ---
  2. endpoints:
  3. - https://192.168.0.1:2379
  4. - https://192.168.0.2:2379
  5. trusted-ca-file: '/var/lib/cilium/etcd-ca.pem'
  6. # In case you want client to server authentication
  7. key-file: '/var/lib/cilium/etcd-client.key'
  8. cert-file: '/var/lib/cilium/etcd-client.crt'