Configuring Felix
The following tables detail the configuration file and
environment variable parameters. For FelixConfiguration resource settings,
refer to Felix Configuration Resource.
Configuration for Felix is read from one of four possible locations, in order, as follows.
- Environment variables.
- The Felix configuration file.
- Host-specific
FelixConfigurationresources (node.<nodename>). - The global
FelixConfigurationresource (default).
The value of any configuration parameter is the value read from the first location containing a value. For example, if an environment variable contains a value, it takes top precedence.
If not set in any of these locations, most configuration parameters have defaults, and it should be rare to have to explicitly set them.
The full list of parameters which can be set is as follows.
Spec
Datastore connection
DatastoreType
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | DatastoreType |
| Description | Controls which datastore driver Felix will use. Typically, this is detected from the environment
and it does not need to be set manually. (For example, if |
| Schema | One of: etcdv3, kubernetes (case insensitive) |
| Default | etcdv3 |
| Attribute | Value |
|---|---|
| Key | FELIX_DATASTORETYPE |
| Description | Controls which datastore driver Felix will use. Typically, this is detected from the environment
and it does not need to be set manually. (For example, if |
| Schema | One of: etcdv3, kubernetes (case insensitive) |
| Default | etcdv3 |
EtcdAddr
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | EtcdAddr |
| Description | When using the |
| Schema | String matching regex ^[^:/]+:\d+$ |
| Default | 127.0.0.1:2379 |
| Attribute | Value |
|---|---|
| Key | FELIX_ETCDADDR |
| Description | When using the |
| Schema | String matching regex ^[^:/]+:\d+$ |
| Default | 127.0.0.1:2379 |
EtcdCaFile
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | EtcdCaFile |
| Description | When using the |
| Schema | Path to file, which must exist |
| Default | none |
| Attribute | Value |
|---|---|
| Key | FELIX_ETCDCAFILE |
| Description | When using the |
| Schema | Path to file, which must exist |
| Default | none |
EtcdCertFile
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | EtcdCertFile |
| Description | When using the |
| Schema | Path to file, which must exist |
| Default | none |
| Attribute | Value |
|---|---|
| Key | FELIX_ETCDCERTFILE |
| Description | When using the |
| Schema | Path to file, which must exist |
| Default | none |
EtcdEndpoints
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | EtcdEndpoints |
| Description | When using the |
| Schema | List of HTTP endpoints: comma-delimited list of http(s)://hostname:port |
| Default | none |
| Attribute | Value |
|---|---|
| Key | FELIX_ETCDENDPOINTS |
| Description | When using the |
| Schema | List of HTTP endpoints: comma-delimited list of http(s)://hostname:port |
| Default | none |
EtcdKeyFile
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | EtcdKeyFile |
| Description | When using the |
| Schema | Path to file, which must exist |
| Default | none |
| Attribute | Value |
|---|---|
| Key | FELIX_ETCDKEYFILE |
| Description | When using the |
| Schema | Path to file, which must exist |
| Default | none |
EtcdScheme
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | EtcdScheme |
| Description | EtcdAddr: when using the |
| Schema | One of: http, https (case insensitive) |
| Default | http |
| Attribute | Value |
|---|---|
| Key | FELIX_ETCDSCHEME |
| Description | EtcdAddr: when using the |
| Schema | One of: http, https (case insensitive) |
| Default | http |
FelixHostname
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | FelixHostname |
| Description | The name of this node, used to identify resources in the datastore that belong to this node. Auto-detected from the node's hostname if not provided. |
| Schema | String matching regex ^[a-zA-Z0-9_.-]+$ |
| Default | none |
| Attribute | Value |
|---|---|
| Key | FELIX_FELIXHOSTNAME |
| Description | The name of this node, used to identify resources in the datastore that belong to this node. Auto-detected from the node's hostname if not provided. |
| Schema | String matching regex ^[a-zA-Z0-9_.-]+$ |
| Default | none |
TyphaAddr
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | TyphaAddr |
| Description | If set, tells Felix to connect to Typha at the given address and port. Overrides TyphaK8sServiceName. |
| Schema | String matching regex ^[^:/]+:\d+$ |
| Default | none |
| Attribute | Value |
|---|---|
| Key | FELIX_TYPHAADDR |
| Description | If set, tells Felix to connect to Typha at the given address and port. Overrides TyphaK8sServiceName. |
| Schema | String matching regex ^[^:/]+:\d+$ |
| Default | none |
TyphaCAFile
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | TyphaCAFile |
| Description | Path to the TLS CA file to use when communicating with Typha. If this parameter is specified, the other TLS parameters must also be specified. |
| Schema | Path to file, which must exist |
| Default | none |
| Attribute | Value |
|---|---|
| Key | FELIX_TYPHACAFILE |
| Description | Path to the TLS CA file to use when communicating with Typha. If this parameter is specified, the other TLS parameters must also be specified. |
| Schema | Path to file, which must exist |
| Default | none |
TyphaCN
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | TyphaCN |
| Description | Common name to use when authenticating to Typha over TLS. If any TLS parameters are specified then one of TyphaCN and TyphaURISAN must be set. |
| Schema | String |
| Default | none |
| Attribute | Value |
|---|---|
| Key | FELIX_TYPHACN |
| Description | Common name to use when authenticating to Typha over TLS. If any TLS parameters are specified then one of TyphaCN and TyphaURISAN must be set. |
| Schema | String |
| Default | none |
TyphaCertFile
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | TyphaCertFile |
| Description | Path to the TLS certificate to use when communicating with Typha. If this parameter is specified, the other TLS parameters must also be specified. |
| Schema | Path to file, which must exist |
| Default | none |
| Attribute | Value |
|---|---|
| Key | FELIX_TYPHACERTFILE |
| Description | Path to the TLS certificate to use when communicating with Typha. If this parameter is specified, the other TLS parameters must also be specified. |
| Schema | Path to file, which must exist |
| Default | none |
TyphaK8sNamespace
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | TyphaK8sNamespace |
| Description | Namespace to look in when looking for Typha's service (see TyphaK8sServiceName). |
| Schema | String |
| Default | kube-system |
| Attribute | Value |
|---|---|
| Key | FELIX_TYPHAK8SNAMESPACE |
| Description | Namespace to look in when looking for Typha's service (see TyphaK8sServiceName). |
| Schema | String |
| Default | kube-system |
TyphaK8sServiceName
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | TyphaK8sServiceName |
| Description | If set, tells Felix to connect to Typha by looking up the Endpoints of the given Kubernetes Service in namespace specified by TyphaK8sNamespace. |
| Schema | String |
| Default | none |
| Attribute | Value |
|---|---|
| Key | FELIX_TYPHAK8SSERVICENAME |
| Description | If set, tells Felix to connect to Typha by looking up the Endpoints of the given Kubernetes Service in namespace specified by TyphaK8sNamespace. |
| Schema | String |
| Default | none |
TyphaKeyFile
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | TyphaKeyFile |
| Description | Path to the TLS private key to use when communicating with Typha. If this parameter is specified, the other TLS parameters must also be specified. |
| Schema | Path to file, which must exist |
| Default | none |
| Attribute | Value |
|---|---|
| Key | FELIX_TYPHAKEYFILE |
| Description | Path to the TLS private key to use when communicating with Typha. If this parameter is specified, the other TLS parameters must also be specified. |
| Schema | Path to file, which must exist |
| Default | none |
TyphaReadTimeout
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | TyphaReadTimeout |
| Description | Read timeout when reading from the Typha connection. If typha sends no data for this long, Felix will exit and restart. (Note that Typha sends regular pings so traffic is always expected.) |
| Schema | Seconds (floating point) |
| Default | 30 |
| Attribute | Value |
|---|---|
| Key | FELIX_TYPHAREADTIMEOUT |
| Description | Read timeout when reading from the Typha connection. If typha sends no data for this long, Felix will exit and restart. (Note that Typha sends regular pings so traffic is always expected.) |
| Schema | Seconds (floating point) |
| Default | 30 |
TyphaURISAN
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | TyphaURISAN |
| Description | URI SAN to use when authenticating to Typha over TLS. If any TLS parameters are specified then one of TyphaCN and TyphaURISAN must be set. |
| Schema | String |
| Default | none |
| Attribute | Value |
|---|---|
| Key | FELIX_TYPHAURISAN |
| Description | URI SAN to use when authenticating to Typha over TLS. If any TLS parameters are specified then one of TyphaCN and TyphaURISAN must be set. |
| Schema | String |
| Default | none |
TyphaWriteTimeout
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | TyphaWriteTimeout |
| Description | Write timeout when writing data to Typha. |
| Schema | Seconds (floating point) |
| Default | 10 |
| Attribute | Value |
|---|---|
| Key | FELIX_TYPHAWRITETIMEOUT |
| Description | Write timeout when writing data to Typha. |
| Schema | Seconds (floating point) |
| Default | 10 |
Process: Feature detection/overrides
FeatureDetectOverride
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | FeatureDetectOverride |
| Description | Used to override feature detection based on auto-detected platform capabilities. Values are specified in a comma separated list with no spaces, example; "SNATFullyRandom=true,MASQFullyRandom=false,RestoreSupportsLock=". A value of "true" or "false" will force enable/disable feature, empty or omitted values fall back to auto-detection. |
| Schema | Comma-delimited list of key=value pairs |
| Default | none |
| Attribute | Value |
|---|---|
| Key | FELIX_FEATUREDETECTOVERRIDE |
| Description | Used to override feature detection based on auto-detected platform capabilities. Values are specified in a comma separated list with no spaces, example; "SNATFullyRandom=true,MASQFullyRandom=false,RestoreSupportsLock=". A value of "true" or "false" will force enable/disable feature, empty or omitted values fall back to auto-detection. |
| Schema | Comma-delimited list of key=value pairs |
| Default | none |
FeatureGates
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | FeatureGates |
| Description | Used to enable or disable tech-preview Calico features. Values are specified in a comma separated list with no spaces, example; "BPFConnectTimeLoadBalancingWorkaround=enabled,XyZ=false". This is used to enable features that are not fully production ready. |
| Schema | Comma-delimited list of key=value pairs |
| Default | none |
| Attribute | Value |
|---|---|
| Key | FELIX_FEATUREGATES |
| Description | Used to enable or disable tech-preview Calico features. Values are specified in a comma separated list with no spaces, example; "BPFConnectTimeLoadBalancingWorkaround=enabled,XyZ=false". This is used to enable features that are not fully production ready. |
| Schema | Comma-delimited list of key=value pairs |
| Default | none |
Process: Go runtime
GoGCThreshold
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | GoGCThreshold |
| Description | Sets the Go runtime's garbage collection threshold. I.e. the percentage that the heap is allowed to grow before garbage collection is triggered. In general, doubling the value halves the CPU time spent doing GC, but it also doubles peak GC memory overhead. A special value of -1 can be used to disable GC entirely; this should only be used in conjunction with the GoMemoryLimitMB setting. This setting is overridden by the GOGC environment variable. |
| Schema | Integer: [-1,263-1] |
| Default | 40 |
| Attribute | Value |
|---|---|
| Key | FELIX_GOGCTHRESHOLD |
| Description | Sets the Go runtime's garbage collection threshold. I.e. the percentage that the heap is allowed to grow before garbage collection is triggered. In general, doubling the value halves the CPU time spent doing GC, but it also doubles peak GC memory overhead. A special value of -1 can be used to disable GC entirely; this should only be used in conjunction with the GoMemoryLimitMB setting. This setting is overridden by the GOGC environment variable. |
| Schema | Integer: [-1,263-1] |
| Default | 40 |
GoMaxProcs
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | GoMaxProcs |
| Description | Sets the maximum number of CPUs that the Go runtime will use concurrently. A value of -1 means "use the system default"; typically the number of real CPUs on the system. this setting is overridden by the GOMAXPROCS environment variable. |
| Schema | Integer: [-1,263-1] |
| Default | -1 |
| Attribute | Value |
|---|---|
| Key | FELIX_GOMAXPROCS |
| Description | Sets the maximum number of CPUs that the Go runtime will use concurrently. A value of -1 means "use the system default"; typically the number of real CPUs on the system. this setting is overridden by the GOMAXPROCS environment variable. |
| Schema | Integer: [-1,263-1] |
| Default | -1 |
GoMemoryLimitMB
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | GoMemoryLimitMB |
| Description | Sets a (soft) memory limit for the Go runtime in MB. The Go runtime will try to keep its memory usage under the limit by triggering GC as needed. To avoid thrashing, it will exceed the limit if GC starts to take more than 50% of the process's CPU time. A value of -1 disables the memory limit. Note that the memory limit, if used, must be considerably less than any hard resource limit set at the container or pod level. This is because felix is not the only process that must run in the container or pod. This setting is overridden by the GOMEMLIMIT environment variable. |
| Schema | Integer: [-1,263-1] |
| Default | -1 |
| Attribute | Value |
|---|---|
| Key | FELIX_GOMEMORYLIMITMB |
| Description | Sets a (soft) memory limit for the Go runtime in MB. The Go runtime will try to keep its memory usage under the limit by triggering GC as needed. To avoid thrashing, it will exceed the limit if GC starts to take more than 50% of the process's CPU time. A value of -1 disables the memory limit. Note that the memory limit, if used, must be considerably less than any hard resource limit set at the container or pod level. This is because felix is not the only process that must run in the container or pod. This setting is overridden by the GOMEMLIMIT environment variable. |
| Schema | Integer: [-1,263-1] |
| Default | -1 |
Process: Health port and timeouts
HealthEnabled
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | HealthEnabled |
| Description | If set to true, enables Felix's health port, which provides readiness and liveness endpoints. |
| Schema | Boolean: true, 1, yes, y, t accepted as True; false, 0, no, n, f accepted (case insensitively) as False. |
| Default | false |
| Attribute | Value |
|---|---|
| Key | FELIX_HEALTHENABLED |
| Description | If set to true, enables Felix's health port, which provides readiness and liveness endpoints. |
| Schema | Boolean: true, 1, yes, y, t accepted as True; false, 0, no, n, f accepted (case insensitively) as False. |
| Default | false |
HealthHost
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | HealthHost |
| Description | The host that the health server should bind to. |
| Schema | String matching regex ^[a-zA-Z0-9:._+-]{1,64}$ |
| Default | localhost |
| Attribute | Value |
|---|---|
| Key | FELIX_HEALTHHOST |
| Description | The host that the health server should bind to. |
| Schema | String matching regex ^[a-zA-Z0-9:._+-]{1,64}$ |
| Default | localhost |
HealthPort
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | HealthPort |
| Description | The TCP port that the health server should bind to. |
| Schema | Integer: [0,65535] |
| Default | 9099 |
| Attribute | Value |
|---|---|
| Key | FELIX_HEALTHPORT |
| Description | The TCP port that the health server should bind to. |
| Schema | Integer: [0,65535] |
| Default | 9099 |
HealthTimeoutOverrides
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | HealthTimeoutOverrides |
| Description | Allows the internal watchdog timeouts of individual subcomponents to be overridden. This is useful for working around "false positive" liveness timeouts that can occur in particularly stressful workloads or if CPU is constrained. For a list of active subcomponents, see Felix's logs. |
| Schema | Comma-delimited list of <key>=<duration> pairs, where durations use Go's standard format (e.g. 1s, 1m, 1h3m2s) |
| Default | none |
| Attribute | Value |
|---|---|
| Key | FELIX_HEALTHTIMEOUTOVERRIDES |
| Description | Allows the internal watchdog timeouts of individual subcomponents to be overridden. This is useful for working around "false positive" liveness timeouts that can occur in particularly stressful workloads or if CPU is constrained. For a list of active subcomponents, see Felix's logs. |
| Schema | Comma-delimited list of <key>=<duration> pairs, where durations use Go's standard format (e.g. 1s, 1m, 1h3m2s) |
| Default | none |
Process: Logging
LogActionRateLimit
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | LogActionRateLimit |
| Description | Sets the rate of hitting a Log action. The value must be in the format "N/unit", where N is a number and unit is one of: second, minute, hour, or day. For example: "10/second" or "100/hour". |
| Schema | String matching regex ^([1-9]\d{0,3}/(?:second|minute|hour|day))?$ |
| Default | none |
| Attribute | Value |
|---|---|
| Key | FELIX_LOGACTIONRATELIMIT |
| Description | Sets the rate of hitting a Log action. The value must be in the format "N/unit", where N is a number and unit is one of: second, minute, hour, or day. For example: "10/second" or "100/hour". |
| Schema | String matching regex ^([1-9]\d{0,3}/(?:second|minute|hour|day))?$ |
| Default | none |
LogActionRateLimitBurst
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | LogActionRateLimitBurst |
| Description | Sets the rate limit burst of hitting a Log action when LogActionRateLimit is enabled. |
| Schema | Integer: [0,263-1], [9999,263-1] |
| Default | 5 |
| Attribute | Value |
|---|---|
| Key | FELIX_LOGACTIONRATELIMITBURST |
| Description | Sets the rate limit burst of hitting a Log action when LogActionRateLimit is enabled. |
| Schema | Integer: [0,263-1], [9999,263-1] |
| Default | 5 |
LogDebugFilenameRegex
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | LogDebugFilenameRegex |
| Description | Controls which source code files have their Debug log output included in the logs. Only logs from files with names that match the given regular expression are included. The filter only applies to Debug level logs. |
| Schema | Regular expression |
| Default | none |
| Attribute | Value |
|---|---|
| Key | FELIX_LOGDEBUGFILENAMEREGEX |
| Description | Controls which source code files have their Debug log output included in the logs. Only logs from files with names that match the given regular expression are included. The filter only applies to Debug level logs. |
| Schema | Regular expression |
| Default | none |
LogFilePath
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | LogFilePath |
| Description | The full path to the Felix log. Set to none to disable file logging. |
| Schema | Path to file |
| Default | /var/log/calico/felix.log |
| Attribute | Value |
|---|---|
| Key | FELIX_LOGFILEPATH |
| Description | The full path to the Felix log. Set to none to disable file logging. |
| Schema | Path to file |
| Default | /var/log/calico/felix.log |
LogPrefix
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | LogPrefix |
| Description | The log prefix that Felix uses when rendering LOG rules. It is possible to use the following specifiers to include extra information in the log prefix. - %t: Tier name. - %k: Kind (short names). - %n: Policy or profile name. - %p: Policy or profile name (namespace/name for namespaced kinds or just name for non namespaced kinds). Calico includes ": " characters at the end of the generated log prefix. Note that iptables shows up to 29 characters for the log prefix and nftables up to 127 characters. Extra characters are truncated. |
| Schema | String |
| Default | calico-packet |
| Attribute | Value |
|---|---|
| Key | FELIX_LOGPREFIX |
| Description | The log prefix that Felix uses when rendering LOG rules. It is possible to use the following specifiers to include extra information in the log prefix. - %t: Tier name. - %k: Kind (short names). - %n: Policy or profile name. - %p: Policy or profile name (namespace/name for namespaced kinds or just name for non namespaced kinds). Calico includes ": " characters at the end of the generated log prefix. Note that iptables shows up to 29 characters for the log prefix and nftables up to 127 characters. Extra characters are truncated. |
| Schema | String |
| Default | calico-packet |
LogSeverityFile
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | LogSeverityFile |
| Description | The log severity above which logs are sent to the log file. |
| Schema | One of: DEBUG, ERROR, FATAL, INFO, TRACE, WARNING (case insensitive) |
| Default | INFO |
| Attribute | Value |
|---|---|
| Key | FELIX_LOGSEVERITYFILE |
| Description | The log severity above which logs are sent to the log file. |
| Schema | One of: DEBUG, ERROR, FATAL, INFO, TRACE, WARNING (case insensitive) |
| Default | INFO |
LogSeverityScreen
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | LogSeverityScreen |
| Description | The log severity above which logs are sent to the stdout. |
| Schema | One of: DEBUG, ERROR, FATAL, INFO, TRACE, WARNING (case insensitive) |
| Default | INFO |
| Attribute | Value |
|---|---|
| Key | FELIX_LOGSEVERITYSCREEN |
| Description | The log severity above which logs are sent to the stdout. |
| Schema | One of: DEBUG, ERROR, FATAL, INFO, TRACE, WARNING (case insensitive) |
| Default | INFO |
LogSeveritySys
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | LogSeveritySys |
| Description | The log severity above which logs are sent to the syslog. Set to None for no logging to syslog. |
| Schema | One of: DEBUG, ERROR, FATAL, INFO, TRACE, WARNING (case insensitive) |
| Default | INFO |
| Attribute | Value |
|---|---|
| Key | FELIX_LOGSEVERITYSYS |
| Description | The log severity above which logs are sent to the syslog. Set to None for no logging to syslog. |
| Schema | One of: DEBUG, ERROR, FATAL, INFO, TRACE, WARNING (case insensitive) |
| Default | INFO |
Process: Prometheus metrics
PrometheusGoMetricsEnabled
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | PrometheusGoMetricsEnabled |
| Description | Disables Go runtime metrics collection, which the Prometheus client does by default, when set to false. This reduces the number of metrics reported, reducing Prometheus load. |
| Schema | Boolean: true, 1, yes, y, t accepted as True; false, 0, no, n, f accepted (case insensitively) as False. |
| Default | true |
| Attribute | Value |
|---|---|
| Key | FELIX_PROMETHEUSGOMETRICSENABLED |
| Description | Disables Go runtime metrics collection, which the Prometheus client does by default, when set to false. This reduces the number of metrics reported, reducing Prometheus load. |
| Schema | Boolean: true, 1, yes, y, t accepted as True; false, 0, no, n, f accepted (case insensitively) as False. |
| Default | true |
PrometheusMetricsEnabled
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | PrometheusMetricsEnabled |
| Description | Enables the Prometheus metrics server in Felix if set to true. |
| Schema | Boolean: true, 1, yes, y, t accepted as True; false, 0, no, n, f accepted (case insensitively) as False. |
| Default | false |
| Attribute | Value |
|---|---|
| Key | FELIX_PROMETHEUSMETRICSENABLED |
| Description | Enables the Prometheus metrics server in Felix if set to true. |
| Schema | Boolean: true, 1, yes, y, t accepted as True; false, 0, no, n, f accepted (case insensitively) as False. |
| Default | false |
PrometheusMetricsHost
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | PrometheusMetricsHost |
| Description | The host that the Prometheus metrics server should bind to. |
| Schema | String matching regex ^[a-zA-Z0-9:._+-]{1,64}$ |
| Default | none |
| Attribute | Value |
|---|---|
| Key | FELIX_PROMETHEUSMETRICSHOST |
| Description | The host that the Prometheus metrics server should bind to. |
| Schema | String matching regex ^[a-zA-Z0-9:._+-]{1,64}$ |
| Default | none |
PrometheusMetricsPort
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | PrometheusMetricsPort |
| Description | The TCP port that the Prometheus metrics server should bind to. |
| Schema | Integer: [0,65535] |
| Default | 9091 |
| Attribute | Value |
|---|---|
| Key | FELIX_PROMETHEUSMETRICSPORT |
| Description | The TCP port that the Prometheus metrics server should bind to. |
| Schema | Integer: [0,65535] |
| Default | 9091 |
PrometheusProcessMetricsEnabled
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | PrometheusProcessMetricsEnabled |
| Description | Disables process metrics collection, which the Prometheus client does by default, when set to false. This reduces the number of metrics reported, reducing Prometheus load. |
| Schema | Boolean: true, 1, yes, y, t accepted as True; false, 0, no, n, f accepted (case insensitively) as False. |
| Default | true |
| Attribute | Value |
|---|---|
| Key | FELIX_PROMETHEUSPROCESSMETRICSENABLED |
| Description | Disables process metrics collection, which the Prometheus client does by default, when set to false. This reduces the number of metrics reported, reducing Prometheus load. |
| Schema | Boolean: true, 1, yes, y, t accepted as True; false, 0, no, n, f accepted (case insensitively) as False. |
| Default | true |
PrometheusWireGuardMetricsEnabled
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | PrometheusWireGuardMetricsEnabled |
| Description | Disables WireGuard metrics collection, which the Prometheus client does by default, when set to false. This reduces the number of metrics reported, reducing Prometheus load. |
| Schema | Boolean: true, 1, yes, y, t accepted as True; false, 0, no, n, f accepted (case insensitively) as False. |
| Default | true |
| Attribute | Value |
|---|---|
| Key | FELIX_PROMETHEUSWIREGUARDMETRICSENABLED |
| Description | Disables WireGuard metrics collection, which the Prometheus client does by default, when set to false. This reduces the number of metrics reported, reducing Prometheus load. |
| Schema | Boolean: true, 1, yes, y, t accepted as True; false, 0, no, n, f accepted (case insensitively) as False. |
| Default | true |
Data plane: Common
No matching group found for 'Dataplane: Common'.
Data plane: iptables
No matching group found for 'Dataplane: iptables'.
Data plane: nftables
No matching group found for 'Dataplane: nftables'.
Data plane: eBPF
No matching group found for 'Dataplane: eBPF'.
Data plane: Windows
No matching group found for 'Dataplane: Windows'.
Data plane: OpenStack support
No matching group found for 'Dataplane: OpenStack support'.
Data plane: XDP acceleration for iptables data plane
No matching group found for 'Dataplane: XDP acceleration for iptables dataplane'.
Overlay: VXLAN overlay
VXLANEnabled
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | VXLANEnabled |
| Description | Overrides whether Felix should create the VXLAN tunnel device for IPv4 VXLAN networking. Optional as Felix determines this based on the existing IP pools. |
| Schema | Boolean: true, 1, yes, y, t accepted as True; false, 0, no, n, f accepted (case insensitively) as False. |
| Default | none |
| Attribute | Value |
|---|---|
| Key | FELIX_VXLANENABLED |
| Description | Overrides whether Felix should create the VXLAN tunnel device for IPv4 VXLAN networking. Optional as Felix determines this based on the existing IP pools. |
| Schema | Boolean: true, 1, yes, y, t accepted as True; false, 0, no, n, f accepted (case insensitively) as False. |
| Default | none |
VXLANMTU
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | VXLANMTU |
| Description | The MTU to set on the IPv4 VXLAN tunnel device. Optional as Felix auto-detects the MTU based on the MTU of the host's interfaces. |
| Schema | Integer |
| Default | 0 |
| Attribute | Value |
|---|---|
| Key | FELIX_VXLANMTU |
| Description | The MTU to set on the IPv4 VXLAN tunnel device. Optional as Felix auto-detects the MTU based on the MTU of the host's interfaces. |
| Schema | Integer |
| Default | 0 |
VXLANMTUV6
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | VXLANMTUV6 |
| Description | The MTU to set on the IPv6 VXLAN tunnel device. Optional as Felix auto-detects the MTU based on the MTU of the host's interfaces. |
| Schema | Integer |
| Default | 0 |
| Attribute | Value |
|---|---|
| Key | FELIX_VXLANMTUV6 |
| Description | The MTU to set on the IPv6 VXLAN tunnel device. Optional as Felix auto-detects the MTU based on the MTU of the host's interfaces. |
| Schema | Integer |
| Default | 0 |
VXLANPort
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | VXLANPort |
| Description | The UDP port number to use for VXLAN traffic. |
| Schema | Integer |
| Default | 4789 |
| Attribute | Value |
|---|---|
| Key | FELIX_VXLANPORT |
| Description | The UDP port number to use for VXLAN traffic. |
| Schema | Integer |
| Default | 4789 |
VXLANVNI
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | VXLANVNI |
| Description | The VXLAN VNI to use for VXLAN traffic. You may need to change this if the default value is in use on your system. |
| Schema | Integer |
| Default | 4096 |
| Attribute | Value |
|---|---|
| Key | FELIX_VXLANVNI |
| Description | The VXLAN VNI to use for VXLAN traffic. You may need to change this if the default value is in use on your system. |
| Schema | Integer |
| Default | 4096 |
Overlay: IP-in-IP
IpInIpEnabled
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | IpInIpEnabled |
| Description | Overrides whether Felix should configure an IPIP interface on the host. Optional as Felix determines this based on the existing IP pools. |
| Schema | Boolean: true, 1, yes, y, t accepted as True; false, 0, no, n, f accepted (case insensitively) as False. |
| Default | none |
| Attribute | Value |
|---|---|
| Key | FELIX_IPINIPENABLED |
| Description | Overrides whether Felix should configure an IPIP interface on the host. Optional as Felix determines this based on the existing IP pools. |
| Schema | Boolean: true, 1, yes, y, t accepted as True; false, 0, no, n, f accepted (case insensitively) as False. |
| Default | none |
IpInIpMtu
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | IpInIpMtu |
| Description | Controls the MTU to set on the IPIP tunnel device. Optional as Felix auto-detects the MTU based on the MTU of the host's interfaces. |
| Schema | Integer |
| Default | 0 |
| Attribute | Value |
|---|---|
| Key | FELIX_IPINIPMTU |
| Description | Controls the MTU to set on the IPIP tunnel device. Optional as Felix auto-detects the MTU based on the MTU of the host's interfaces. |
| Schema | Integer |
| Default | 0 |
Overlay: WireGuard
WireguardEnabled
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | WireguardEnabled |
| Description | Controls whether Wireguard is enabled for IPv4 (encapsulating IPv4 traffic over an IPv4 underlay network). |
| Schema | Boolean: true, 1, yes, y, t accepted as True; false, 0, no, n, f accepted (case insensitively) as False. |
| Default | false |
| Attribute | Value |
|---|---|
| Key | FELIX_WIREGUARDENABLED |
| Description | Controls whether Wireguard is enabled for IPv4 (encapsulating IPv4 traffic over an IPv4 underlay network). |
| Schema | Boolean: true, 1, yes, y, t accepted as True; false, 0, no, n, f accepted (case insensitively) as False. |
| Default | false |
WireguardEnabledV6
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | WireguardEnabledV6 |
| Description | Controls whether Wireguard is enabled for IPv6 (encapsulating IPv6 traffic over an IPv6 underlay network). |
| Schema | Boolean: true, 1, yes, y, t accepted as True; false, 0, no, n, f accepted (case insensitively) as False. |
| Default | false |
| Attribute | Value |
|---|---|
| Key | FELIX_WIREGUARDENABLEDV6 |
| Description | Controls whether Wireguard is enabled for IPv6 (encapsulating IPv6 traffic over an IPv6 underlay network). |
| Schema | Boolean: true, 1, yes, y, t accepted as True; false, 0, no, n, f accepted (case insensitively) as False. |
| Default | false |
WireguardHostEncryptionEnabled
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | WireguardHostEncryptionEnabled |
| Description | Controls whether Wireguard host-to-host encryption is enabled. |
| Schema | Boolean: true, 1, yes, y, t accepted as True; false, 0, no, n, f accepted (case insensitively) as False. |
| Default | false |
| Attribute | Value |
|---|---|
| Key | FELIX_WIREGUARDHOSTENCRYPTIONENABLED |
| Description | Controls whether Wireguard host-to-host encryption is enabled. |
| Schema | Boolean: true, 1, yes, y, t accepted as True; false, 0, no, n, f accepted (case insensitively) as False. |
| Default | false |
WireguardInterfaceName
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | WireguardInterfaceName |
| Description | Specifies the name to use for the IPv4 Wireguard interface. |
| Schema | String matching regex ^[a-zA-Z0-9:._+-]{1,15}$ |
| Default | wireguard.cali |
| Attribute | Value |
|---|---|
| Key | FELIX_WIREGUARDINTERFACENAME |
| Description | Specifies the name to use for the IPv4 Wireguard interface. |
| Schema | String matching regex ^[a-zA-Z0-9:._+-]{1,15}$ |
| Default | wireguard.cali |
WireguardInterfaceNameV6
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | WireguardInterfaceNameV6 |
| Description | Specifies the name to use for the IPv6 Wireguard interface. |
| Schema | String matching regex ^[a-zA-Z0-9:._+-]{1,15}$ |
| Default | wg-v6.cali |
| Attribute | Value |
|---|---|
| Key | FELIX_WIREGUARDINTERFACENAMEV6 |
| Description | Specifies the name to use for the IPv6 Wireguard interface. |
| Schema | String matching regex ^[a-zA-Z0-9:._+-]{1,15}$ |
| Default | wg-v6.cali |
WireguardListeningPort
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | WireguardListeningPort |
| Description | Controls the listening port used by IPv4 Wireguard. |
| Schema | Integer |
| Default | 51820 |
| Attribute | Value |
|---|---|
| Key | FELIX_WIREGUARDLISTENINGPORT |
| Description | Controls the listening port used by IPv4 Wireguard. |
| Schema | Integer |
| Default | 51820 |
WireguardListeningPortV6
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | WireguardListeningPortV6 |
| Description | Controls the listening port used by IPv6 Wireguard. |
| Schema | Integer |
| Default | 51821 |
| Attribute | Value |
|---|---|
| Key | FELIX_WIREGUARDLISTENINGPORTV6 |
| Description | Controls the listening port used by IPv6 Wireguard. |
| Schema | Integer |
| Default | 51821 |
WireguardMTU
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | WireguardMTU |
| Description | Controls the MTU on the IPv4 Wireguard interface. See Configuring MTU. |
| Schema | Integer |
| Default | 0 |
| Attribute | Value |
|---|---|
| Key | FELIX_WIREGUARDMTU |
| Description | Controls the MTU on the IPv4 Wireguard interface. See Configuring MTU. |
| Schema | Integer |
| Default | 0 |
WireguardMTUV6
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | WireguardMTUV6 |
| Description | Controls the MTU on the IPv6 Wireguard interface. See Configuring MTU. |
| Schema | Integer |
| Default | 0 |
| Attribute | Value |
|---|---|
| Key | FELIX_WIREGUARDMTUV6 |
| Description | Controls the MTU on the IPv6 Wireguard interface. See Configuring MTU. |
| Schema | Integer |
| Default | 0 |
WireguardPersistentKeepAlive
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | WireguardPersistentKeepAlive |
| Description | Controls Wireguard PersistentKeepalive option. Set 0 to disable. |
| Schema | Seconds (floating point) |
| Default | 0 (0s) |
| Attribute | Value |
|---|---|
| Key | FELIX_WIREGUARDPERSISTENTKEEPALIVE |
| Description | Controls Wireguard PersistentKeepalive option. Set 0 to disable. |
| Schema | Seconds (floating point) |
| Default | 0 (0s) |
WireguardRoutingRulePriority
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | WireguardRoutingRulePriority |
| Description | Controls the priority value to use for the Wireguard routing rule. |
| Schema | Integer |
| Default | 99 |
| Attribute | Value |
|---|---|
| Key | FELIX_WIREGUARDROUTINGRULEPRIORITY |
| Description | Controls the priority value to use for the Wireguard routing rule. |
| Schema | Integer |
| Default | 99 |
WireguardThreadingEnabled
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | WireguardThreadingEnabled |
| Description | Controls whether Wireguard has Threaded NAPI enabled.
This increases the maximum number of packets a Wireguard interface can process.
Consider threaded NAPI only if you have high packets per second workloads that are causing dropping packets due to a saturated |
| Schema | Boolean: true, 1, yes, y, t accepted as True; false, 0, no, n, f accepted (case insensitively) as False. |
| Default | false |
| Attribute | Value |
|---|---|
| Key | FELIX_WIREGUARDTHREADINGENABLED |
| Description | Controls whether Wireguard has Threaded NAPI enabled.
This increases the maximum number of packets a Wireguard interface can process.
Consider threaded NAPI only if you have high packets per second workloads that are causing dropping packets due to a saturated |
| Schema | Boolean: true, 1, yes, y, t accepted as True; false, 0, no, n, f accepted (case insensitively) as False. |
| Default | false |
AWS integration
AWSSrcDstCheck
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | AWSSrcDstCheck |
| Description | Controls whether Felix will try to change the "source/dest check" setting on the EC2 instance on which it is running. A value of "Disable" will try to disable the source/dest check. Disabling the check allows for sending workload traffic without encapsulation within the same AWS subnet. |
| Schema | One of: Disable, DoNothing, Enable (case insensitive) |
| Default | DoNothing |
| Attribute | Value |
|---|---|
| Key | FELIX_AWSSRCDSTCHECK |
| Description | Controls whether Felix will try to change the "source/dest check" setting on the EC2 instance on which it is running. A value of "Disable" will try to disable the source/dest check. Disabling the check allows for sending workload traffic without encapsulation within the same AWS subnet. |
| Schema | One of: Disable, DoNothing, Enable (case insensitive) |
| Default | DoNothing |
Debug/test-only (generally unsupported)
DebugBPFCgroupV2
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | DebugBPFCgroupV2 |
| Description | Controls the cgroup v2 path that we apply the connect-time load balancer to. Most distros are configured for cgroup v1, which prevents all but the root cgroup v2 from working so this is only useful for development right now. |
| Schema | String |
| Default | none |
| Attribute | Value |
|---|---|
| Key | FELIX_DEBUGBPFCGROUPV2 |
| Description | Controls the cgroup v2 path that we apply the connect-time load balancer to. Most distros are configured for cgroup v1, which prevents all but the root cgroup v2 from working so this is only useful for development right now. |
| Schema | String |
| Default | none |
DebugCPUProfilePath
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | DebugCPUProfilePath |
| Description | Unsupported diagnostic setting, used when testing Felix. Not exposed in |
| Schema | Path to file |
| Default | /tmp/felix-cpu-<timestamp>.pprof |
| Attribute | Value |
|---|---|
| Key | FELIX_DEBUGCPUPROFILEPATH |
| Description | Unsupported diagnostic setting, used when testing Felix. Not exposed in |
| Schema | Path to file |
| Default | /tmp/felix-cpu-<timestamp>.pprof |
DebugDisableLogDropping
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | DebugDisableLogDropping |
| Description | Disables the dropping of log messages when the log buffer is full. This can significantly impact performance if log write-out is a bottleneck. |
| Schema | Boolean: true, 1, yes, y, t accepted as True; false, 0, no, n, f accepted (case insensitively) as False. |
| Default | false |
| Attribute | Value |
|---|---|
| Key | FELIX_DEBUGDISABLELOGDROPPING |
| Description | Disables the dropping of log messages when the log buffer is full. This can significantly impact performance if log write-out is a bottleneck. |
| Schema | Boolean: true, 1, yes, y, t accepted as True; false, 0, no, n, f accepted (case insensitively) as False. |
| Default | false |
DebugHost
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | DebugHost |
| Description | The host IP or hostname to bind the debug port to. Only used if DebugPort is set. |
| Schema | String matching regex ^[a-zA-Z0-9:._+-]{1,64}$ |
| Default | localhost |
| Attribute | Value |
|---|---|
| Key | FELIX_DEBUGHOST |
| Description | The host IP or hostname to bind the debug port to. Only used if DebugPort is set. |
| Schema | String matching regex ^[a-zA-Z0-9:._+-]{1,64}$ |
| Default | localhost |
DebugMemoryProfilePath
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | DebugMemoryProfilePath |
| Description | The path to write the memory profile to when triggered by signal. |
| Schema | Path to file |
| Default | none |
| Attribute | Value |
|---|---|
| Key | FELIX_DEBUGMEMORYPROFILEPATH |
| Description | The path to write the memory profile to when triggered by signal. |
| Schema | Path to file |
| Default | none |
DebugPanicAfter
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | DebugPanicAfter |
| Description | Unsupported diagnostic setting, used when testing Felix. Not exposed in |
| Schema | Seconds (floating point) |
| Default | 0 |
| Attribute | Value |
|---|---|
| Key | FELIX_DEBUGPANICAFTER |
| Description | Unsupported diagnostic setting, used when testing Felix. Not exposed in |
| Schema | Seconds (floating point) |
| Default | 0 |
DebugPort
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | DebugPort |
| Description | If set, enables Felix's debug HTTP port, which allows memory and CPU profiles to be retrieved. The debug port is not secure, it should not be exposed to the internet. |
| Schema | Integer: [0,65535] |
| Default | none |
| Attribute | Value |
|---|---|
| Key | FELIX_DEBUGPORT |
| Description | If set, enables Felix's debug HTTP port, which allows memory and CPU profiles to be retrieved. The debug port is not secure, it should not be exposed to the internet. |
| Schema | Integer: [0,65535] |
| Default | none |
DebugSimulateCalcGraphHangAfter
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | DebugSimulateCalcGraphHangAfter |
| Description | Used to simulate a hang in the calculation graph after the specified duration. This is useful in tests of the watchdog system only! |
| Schema | Seconds (floating point) |
| Default | 0 (0s) |
| Attribute | Value |
|---|---|
| Key | FELIX_DEBUGSIMULATECALCGRAPHHANGAFTER |
| Description | Used to simulate a hang in the calculation graph after the specified duration. This is useful in tests of the watchdog system only! |
| Schema | Seconds (floating point) |
| Default | 0 (0s) |
DebugSimulateDataRace
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | DebugSimulateDataRace |
| Description | Unsupported diagnostic setting, used when testing Felix. Not exposed in |
| Schema | Boolean: true, 1, yes, y, t accepted as True; false, 0, no, n, f accepted (case insensitively) as False. |
| Default | false |
| Attribute | Value |
|---|---|
| Key | FELIX_DEBUGSIMULATEDATARACE |
| Description | Unsupported diagnostic setting, used when testing Felix. Not exposed in |
| Schema | Boolean: true, 1, yes, y, t accepted as True; false, 0, no, n, f accepted (case insensitively) as False. |
| Default | false |
DebugSimulateDataplaneApplyDelay
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | DebugSimulateDataplaneApplyDelay |
| Description | Adds an artificial delay to every dataplane operation. This is useful for simulating a heavily loaded system for test purposes only. |
| Schema | Seconds (floating point) |
| Default | 0 (0s) |
| Attribute | Value |
|---|---|
| Key | FELIX_DEBUGSIMULATEDATAPLANEAPPLYDELAY |
| Description | Adds an artificial delay to every dataplane operation. This is useful for simulating a heavily loaded system for test purposes only. |
| Schema | Seconds (floating point) |
| Default | 0 (0s) |
DebugSimulateDataplaneHangAfter
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | DebugSimulateDataplaneHangAfter |
| Description | Used to simulate a hang in the dataplane after the specified duration. This is useful in tests of the watchdog system only! |
| Schema | Seconds (floating point) |
| Default | 0 (0s) |
| Attribute | Value |
|---|---|
| Key | FELIX_DEBUGSIMULATEDATAPLANEHANGAFTER |
| Description | Used to simulate a hang in the dataplane after the specified duration. This is useful in tests of the watchdog system only! |
| Schema | Seconds (floating point) |
| Default | 0 (0s) |
Usage reporting
UsageReportingEnabled
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | UsageReportingEnabled |
| Description | Reports anonymous Calico version number and cluster size to projectcalico.org. Logs warnings returned by the usage server. For example, if a significant security vulnerability has been discovered in the version of Calico being used. |
| Schema | Boolean: true, 1, yes, y, t accepted as True; false, 0, no, n, f accepted (case insensitively) as False. |
| Default | true |
| Attribute | Value |
|---|---|
| Key | FELIX_USAGEREPORTINGENABLED |
| Description | Reports anonymous Calico version number and cluster size to projectcalico.org. Logs warnings returned by the usage server. For example, if a significant security vulnerability has been discovered in the version of Calico being used. |
| Schema | Boolean: true, 1, yes, y, t accepted as True; false, 0, no, n, f accepted (case insensitively) as False. |
| Default | true |
UsageReportingInitialDelaySecs
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | UsageReportingInitialDelaySecs |
| Description | Controls the minimum delay before Felix makes a report. |
| Schema | Seconds (floating point) |
| Default | 300 (5m0s) |
| Attribute | Value |
|---|---|
| Key | FELIX_USAGEREPORTINGINITIALDELAYSECS |
| Description | Controls the minimum delay before Felix makes a report. |
| Schema | Seconds (floating point) |
| Default | 300 (5m0s) |
UsageReportingIntervalSecs
- Configuration file
- Environment variable
| Attribute | Value |
|---|---|
| Key | UsageReportingIntervalSecs |
| Description | Controls the interval at which Felix makes reports. |
| Schema | Seconds (floating point) |
| Default | 86400 (24h0m0s) |
| Attribute | Value |
|---|---|
| Key | FELIX_USAGEREPORTINGINTERVALSECS |
| Description | Controls the interval at which Felix makes reports. |
| Schema | Seconds (floating point) |
| Default | 86400 (24h0m0s) |
Environment variables
The highest priority of configuration is that read from environment
variables. To set a configuration parameter via an environment variable,
set the environment variable formed by taking FELIX_ and appending the
uppercase form of the variable name. For example, to set the etcd
address, set the environment variable FELIX_ETCDADDR. Other examples
include FELIX_ETCDSCHEME, FELIX_ETCDKEYFILE, FELIX_ETCDCERTFILE,
FELIX_ETCDCAFILE, FELIX_FELIXHOSTNAME, FELIX_LOGFILEPATH and
FELIX_METADATAADDR.
To set a parameter to an empty value using an environment variable, assign an empty string to it (e.g., FELIX_FAILSAFEINBOUNDHOSTPORTS="").
Configuration file
On startup, Felix reads an ini-style configuration file. The path to
this file defaults to /etc/calico/felix.cfg but can be overridden
using the -c or --config-file options on the command line. If the
file exists, then it is read (ignoring section names) and all parameters
are set from it.
In OpenStack, we recommend putting all configuration into configuration files, since the etcd database is transient (and may be recreated by the OpenStack plugin in certain error cases). However, in a Docker environment the use of environment variables or etcd is often more convenient.
Datastore
Felix also reads configuration parameters from the datastore. It supports a global setting and a per-host override.
-
Get the current felixconfig settings.
calicoctl get felixconfig default -o yaml --export > felix.yaml -
Modify logFilePath to your intended path, e.g. "/tmp/felix.log"
vim felix.yamltipFor a global change set name to "default". For a node-specific change: set name to
node.<nodename>, e.g. "node.Calico-node-1" -
Replace the current felixconfig settings
calicoctl replace -f felix.yaml
For more information, see Felix Configuration Resource.