Cilium agent not ready errors occur during initialization or when dependencies fail. Fix by checking pod logs, verifying kernel compatibility, and ensuring sufficient system resources.
The Cilium agent daemon is responsible for eBPF policy enforcement and pod networking on each node. When the agent is not ready, the node cannot schedule pods or enforce network policies. The agent must complete initialization including eBPF program loading and kernel module setup before becoming ready.
View detailed initialization logs:
kubectl logs -n kube-system -l app=cilium --tail=100
kubectl logs -n kube-system -l app=cilium --previousLook for eBPF loading errors, memory allocation failures, or kernel incompatibility messages.
Check kernel compatibility with Cilium version:
uname -r
kubectl describe node <node-name> | grep -i kernelMinimum kernel depends on Cilium version (typically 4.9+).
Verify if agent-not-ready taint is present:
kubectl describe node <node-name> | grep Taints
kubectl get nodes -o custom-columns=NAME:.metadata.name,TAINTS:.spec.taintsTaint should be removed once agent becomes ready.
Ensure kernel eBPF features are available:
grep BPF /boot/config-$(uname -r)
ls -la /sys/kernel/debug/tracing/
grep -E "(bpf|tracepoint)" /proc/sys/kernel/perf_event_paranoidIf agent fails due to IP allocation, check IP pool:
kubectl exec -it -n kube-system ds/cilium -- cilium-dbg status | grep -i ipam
kubectl exec -it -n kube-system ds/cilium -- cilium-dbg ipamEnsure sufficient CPU and memory:
kubectl top nodes
kubectl describe node <node-name> | grep -A 5 "Allocatable"Cilium requires at least 512MB RAM per node.
Review CNI config for conflicts with other plugins:
cat /etc/cni/net.d/*
kubectl get daemonset -n kube-system | grep -i cniEnsure only one CNI plugin is configured.
Force full restart of Cilium:
kubectl rollout restart daemonset/cilium -n kube-system
kubectl rollout status daemonset/cilium -n kube-system --timeout=5mMonitor logs during restart for initialization progress.
For production, ensure all nodes meet kernel and resource requirements before deploying Cilium. Pre-load eBPF programs for faster agent startup. Monitor Cilium agent health via metrics endpoint. Use BPF ring buffer for events instead of perf ring in high-throughput environments. For multi-node clusters, implement node affinity for critical workloads while Cilium stabilizes on some nodes.
Failed to connect to server: connection refused (HTTP/2)
How to fix "HTTP/2 connection refused" error in Kubernetes
missing request for cpu in container
How to fix "missing request for cpu in container" in Kubernetes HPA
error: invalid configuration
How to fix "error: invalid configuration" in Kubernetes
etcdserver: cluster ID mismatch
How to fix "etcdserver: cluster ID mismatch" in Kubernetes
running with swap on is not supported
How to fix "running with swap on is not supported" in kubeadm