This guide shows two ways to change an existing Cilium configuration on a Kubernetes cluster:
  • Update via Helm (recommended when Cilium was installed with Helm).
  • Edit the Cilium ConfigMap directly (useful for quick runtime changes or when Helm was not used).
These instructions assume you have kubectl and, if using Helm, the Helm CLI configured for the cluster.

1 — Verify cluster and Cilium installation

Confirm cluster nodes:
kubectl get nodes
Confirm Cilium pods (all namespaces):
kubectl get pods -A
Example (abbreviated) output:
NAMESPACE     NAME                                             READY   STATUS    RESTARTS   AGE
kube-system   cilium-hpfns                                     1/1     Running   0          2m
kube-system   cilium-operator-59944f4b8f-kw9p9                 1/1     Running   0          2m
kube-system   cilium-qn9dg                                     1/1     Running   0          2m
kube-system   coredns-668d6bf9bc-gpc8z                         1/1     Running   0          3m
...
If Cilium was installed with Helm, prefer updating configuration via Helm so your changes are tracked by the release.

Quick comparison: Helm vs ConfigMap editing

| Method | Use Case | Recommended when |
| --- | --- | --- |
| Helm values + helm upgrade | Persistent, repeatable configuration changes tracked by Helm | Cilium installed with Helm; you want changes preserved across upgrades |
| Edit cilium-config ConfigMap | Immediate runtime tweaks or when Helm was not used | Quick tests or clusters without Helm-managed Cilium (note: may be overwritten by Helm) |

2 — Update configuration with Helm

  1. Export or open the values.yaml you used for the Helm release and change the values you want.
    Example: enable debug logging by changing:
debug:
  # -- Enable debug logging
  enabled: false
to:
debug:
  # -- Enable debug logging
  enabled: true
  2. Confirm the Helm release and namespace (Cilium commonly lives in kube-system):
helm list -n kube-system
  3. Apply the updated values with helm upgrade. The -n (namespace) flag must match the existing release:
helm upgrade cilium cilium/cilium -n kube-system -f values.yaml
A successful upgrade will generate and apply new Kubernetes manifests. Example summary:
STATUS: deployed
REVISION: 2
NOTES:
You have successfully upgraded Cilium.

3 — Update configuration by editing the ConfigMap directly

Cilium stores many runtime options in the cilium-config ConfigMap in the kube-system namespace. Use this method for quick runtime changes or when Cilium was not installed with Helm.
Inspect whether a specific flag (e.g., debug) is set:
kubectl describe configmap cilium-config -n kube-system | grep -i debug -A 3
Example output:
debug:
true
Edit the ConfigMap:
kubectl edit configmap cilium-config -n kube-system
Make the required changes in the data: section. Example (disable IPv6):
Before:
enable-ipv6: "true"
k8s-require-ipv6-pod-cidr: "true"
After:
enable-ipv6: "false"
# removed k8s-require-ipv6-pod-cidr
After saving the edit you should see:
configmap/cilium-config edited
If Cilium is managed by Helm, the cilium-config ConfigMap may be owned by the Helm release. Direct edits with kubectl can be overwritten by future helm upgrade or helm rollback actions. Prefer updating Helm values when possible or coordinate ConfigMap edits with your Helm values.
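The overwrite risk described above can be checked by snapshotting cilium-config before and after a Helm operation and comparing the two. This is an added example, not part of the original guide: the function names and the key=value snapshot format are assumptions, and the sample snapshots are constructed.

```shell
#!/bin/sh
# Added example: report cilium-config keys that differ between two snapshots.
# Snapshot format (an assumption of this example): one key=value per line.

# Dump the live ConfigMap data as key=value lines (requires cluster access).
snapshot_cilium_config() {
  kubectl get configmap cilium-config -n kube-system \
    -o go-template='{{range $k, $v := .data}}{{$k}}={{$v}}{{"\n"}}{{end}}'
}

# config_drift OLD NEW: print ADDED / CHANGED / REMOVED lines for each key
# whose value differs between the two snapshot files.
config_drift() {
  awk '
    { i = index($0, "="); if (i == 0) next
      k = substr($0, 1, i - 1); v = substr($0, i + 1) }
    FILENAME == ARGV[1] { old[k] = v; next }
    { seen[k] = 1
      if (!(k in old)) { print "ADDED   " k "=" v }
      else if (old[k] != v) { print "CHANGED " k ": " old[k] " -> " v } }
    END { for (k in old) if (!(k in seen)) print "REMOVED " k "=" old[k] }
  ' "$1" "$2" | LC_ALL=C sort
}

# Constructed snapshots: the hand-edited state from this section, then the
# state after a later helm upgrade whose values still enable IPv6.
demo_drift() {
  d=$(mktemp -d)
  printf '%s\n' 'debug=true' 'enable-ipv6=false' > "$d/edited"
  printf '%s\n' 'debug=true' 'enable-ipv6=true' \
    'k8s-require-ipv6-pod-cidr=true' > "$d/after-upgrade"
  config_drift "$d/edited" "$d/after-upgrade"
  rm -rf "$d"
}

demo_drift
```

On a real cluster, redirect snapshot_cilium_config to a file before and after the helm upgrade or helm rollback and pass both files to config_drift; any CHANGED or ADDED line for a key you edited by hand means the release reverted it.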

4 — Restart Cilium components so changes take effect

After modifying the ConfigMap (or after a Helm upgrade), restart the operator and agent so they pick up the new configuration. Restart the operator (Deployment) and the agent (DaemonSet):
kubectl rollout restart deployment cilium-operator -n kube-system
kubectl rollout restart daemonset cilium -n kube-system
Example outputs:
deployment.apps/cilium-operator restarted
daemonset.apps/cilium restarted
Monitor pod status while they restart:
kubectl get pods -A --watch
Wait until the new Cilium pods reach Running status. Init containers may take a short while to complete.
After changing the Cilium ConfigMap, you must restart the operator and agent pods so the new configuration is applied.

5 — Verify the change (example: confirm IPv6 disabled)

Create a test pod:
kubectl run nginx --image=nginx --restart=Never
kubectl get pods -w
Describe the test pod to inspect assigned IP(s):
kubectl describe pod nginx
Relevant excerpt showing only an IPv4 address (IPv6 disabled):
IP:             10.0.2.163
IPs:
  IP:           10.0.2.163

Troubleshooting tips

  • If changes do not appear to apply:
    • Verify you edited the correct ConfigMap and namespace.
    • Confirm the Cilium Helm release is not overwriting settings (check helm get values <release> -n <ns>).
    • Check operator and agent logs for errors:
      kubectl logs -l k8s-app=cilium -n kube-system --tail=200
      kubectl logs deployment/cilium-operator -n kube-system --tail=200
      
  • For transient issues after restart, allow a few minutes for init containers and datapath programs to reinitialize.

Summary

  • Prefer updating the Helm values.yaml and running helm upgrade when Cilium was installed with Helm—this preserves configuration in the release.
  • Editing the cilium-config ConfigMap is useful for quick runtime changes or on clusters where Cilium was not installed with Helm. After editing, restart the cilium-operator deployment and the cilium daemonset so changes take effect.
  • Always validate changes by creating test pods and checking their assigned IPs and Cilium logs.
