Skip to main content
In this lesson we cover two essential cilium-cli commands for administering Cilium on a Kubernetes cluster: how to view the active Cilium configuration and how to enable debug-level logging for troubleshooting. These commands read from and modify the cilium-config ConfigMap and (when needed) trigger a restart of Cilium agents so changes take effect.
A simple presentation slide with the title "Cilium CLI" centered on a blue-to-teal gradient background. In the bottom-left corner is a small "© Copyright KodeKloud" notice.
Why these commands are useful:
  • Inspect current runtime and configuration values.
  • Temporarily increase logging detail to diagnose networking, policy, or datapath issues.
  • Apply and revert settings without editing ConfigMaps manually.

Quick command reference

CommandPurposeExample
cilium config viewDisplay the active Cilium configuration (from the cilium-config ConfigMap).cilium config view
cilium config set debug trueEnable debug logging (patches the ConfigMap and restarts Cilium pods).cilium config set debug true
cilium config set debug falseDisable debug logging (revert to default logging level).cilium config set debug false
kubectl -n kube-system get pods -l k8s-app=ciliumVerify Cilium pods and check for restarts after config changes.kubectl -n kube-system get pods -l k8s-app=cilium
kubectl -n kube-system logs <cilium-pod-name>Inspect Cilium pod logs (useful when debug is enabled).kubectl -n kube-system logs cilium-abcde

View the current Cilium configuration

Use this to quickly inspect values stored in the cilium-config ConfigMap and confirm how Cilium is configured in the cluster: 
cilium config view
If you prefer to inspect the raw ConfigMap with kubectl: 
kubectl -n kube-system get configmap cilium-config -o yaml
This is helpful when you want to see timestamps, annotations, or any fields not surfaced by the cilium CLI output.

Enable debug logging (toggle)

Enabling debug logging increases log verbosity from Cilium agents, which is useful when isolating issues in datapath, agent communication, or policy enforcement. The cilium CLI patches the cilium-config ConfigMap and restarts Cilium pods so agents pick up the change. Enable debug logging: 
cilium config set debug true
Typical CLI output after enabling debug: 
Patching ConfigMap cilium-config with debug=true...
Restarted Cilium pods
To revert debug logging back to normal (disable verbose logs): 
cilium config set debug false

Verify pods and inspect logs

After toggling debug, confirm the pods restarted and examine logs: 
# list Cilium pods (typically in the kube-system namespace)
kubectl -n kube-system get pods -l k8s-app=cilium

# view logs from a specific Cilium pod
kubectl -n kube-system logs <cilium-pod-name>
When debug is enabled, logs will contain more detailed information about policy decisions, BPF loading, and datapath events. Use pod logs combined with cilium status and cilium endpoint list for deeper troubleshooting.
Enabling debug logging produces verbose output and can increase log volume significantly. Use it for troubleshooting and disable it (set debug false) when finished.
Do not leave debug logging enabled in production for long periods. Increased log volume can impact storage and performance and may expose sensitive internal details.

Watch Video