Cilium agent cannot start if installing in the fresh cluster (Ubuntu 24.04.1 nodes) #30231

Closed
zentavr opened this issue Nov 6, 2024 · 13 comments
Labels: cilium, solved, stale (15 days without activity), tech-issues (The user has a technical issue about an application)

zentavr commented Nov 6, 2024

Name and Version

bitnami/cilium 1.2.5

What architecture are you using?

None

What steps will reproduce the bug?

I have an Ubuntu-based K8S cluster installed using kubeadm:

root@master1:~# kubectl get nodes -o wide
NAME      STATUS     ROLES           AGE    VERSION   INTERNAL-IP     EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION     CONTAINER-RUNTIME
master1   NotReady   control-plane   23h    v1.31.2   192.168.10.10   <none>        Ubuntu 24.04.1 LTS   6.8.0-41-generic   containerd://1.7.22
master2   NotReady   control-plane   174m   v1.31.2   192.168.10.18   <none>        Ubuntu 24.04.1 LTS   6.8.0-48-generic   containerd://1.7.22
master3   NotReady   control-plane   171m   v1.31.2   192.168.10.19   <none>        Ubuntu 24.04.1 LTS   6.8.0-48-generic   containerd://1.7.22
worker1   NotReady   <none>          23h    v1.31.2   192.168.10.11   <none>        Ubuntu 24.04.1 LTS   6.8.0-41-generic   containerd://1.7.22
worker2   NotReady   <none>          3h9m   v1.31.2   192.168.10.16   <none>        Ubuntu 24.04.1 LTS   6.8.0-48-generic   containerd://1.7.22
worker3   NotReady   <none>          3h9m   v1.31.2   192.168.10.17   <none>        Ubuntu 24.04.1 LTS   6.8.0-48-generic   containerd://1.7.22

If I deploy the bitnami/cilium Helm chart, nothing happens and the nodes stay in the NotReady state.

Are you using any custom parameters or values?

---
extraDeploy: []
clusterName: poc-cluster

azure:
  enabled: false

aws:
  enabled: false

gcp:
  enabled: false

agent:
  cniPlugin:
    install: true
    uninstall: false
  resources:
    requests:
      cpu: 250m
      memory: 256Mi
    limits:
      cpu: 375m
      memory: 384Mi
  tolerations:
    - operator: Exists

operator:
  replicaCount: 1
  resources:
    requests:
      cpu: 250m
      memory: 256Mi
    limits:
      cpu: 375m
      memory: 384Mi

envoy:
  useDaemonSet: false
  resources:
    requests:
      cpu: 250m
      memory: 256Mi
    limits:
      cpu: 375m
      memory: 384Mi

hubble:
  tls:
    enabled: true
  relay:
    enabled: true
    replicaCount: 1
    resources:
      requests:
        cpu: 100m
        memory: 128Mi
      limits:
        cpu: 150m
        memory: 192Mi
  ui:
    enabled: true
    replicaCount: 1
    service:
      #type: LoadBalancer
      type: ClusterIP
      annotations: {}
    ingress:
      enabled: false
      pathType: ImplementationSpecific
      hostname: hubble.local
      ingressClassName: ""
      path: /
      annotations: {}
      tls: false
      selfSigned: false
    frontend:
      resources:
        requests:
          cpu: 100m
          memory: 128Mi
        limits:
          cpu: 150m
          memory: 192Mi
    backend:
      resources:
        requests:
          cpu: 100m
          memory: 128Mi
        limits:
          cpu: 150m
          memory: 192Mi

etcd:
  enabled: true
  replicaCount: 3

What is the expected behavior?

Cluster up and running

What do you see instead?

The logs from cilium-agent-spmcc pod:

time="2024-11-06T00:05:15Z" level=info msg="Memory available for map entries (0.003% of 67192528896B): 167981322B" subsys=config
time="2024-11-06T00:05:15Z" level=info msg="option bpf-ct-global-tcp-max set by dynamic sizing to 589408" subsys=config
time="2024-11-06T00:05:15Z" level=info msg="option bpf-ct-global-any-max set by dynamic sizing to 294704" subsys=config
time="2024-11-06T00:05:15Z" level=info msg="option bpf-nat-global-max set by dynamic sizing to 589408" subsys=config
time="2024-11-06T00:05:15Z" level=info msg="option bpf-neigh-global-max set by dynamic sizing to 589408" subsys=config
time="2024-11-06T00:05:15Z" level=info msg="option bpf-sock-rev-map-max set by dynamic sizing to 294704" subsys=config
time="2024-11-06T00:05:15Z" level=info msg="  --agent-health-port='9879'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --agent-labels=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --agent-liveness-update-interval='1s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --agent-not-ready-taint-key='node.cilium.io/agent-not-ready'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --allocator-list-timeout='3m0s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --allow-icmp-frag-needed='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --allow-localhost='auto'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --annotate-k8s-node='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --api-rate-limit=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --arping-refresh-period='30s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --auto-create-cilium-node-resource='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --auto-direct-node-routes='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bgp-announce-lb-ip='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bgp-announce-pod-cidr='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bgp-config-path='/var/lib/cilium/bgp/config.yaml'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-auth-map-max='524288'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-ct-global-any-max='262144'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-ct-global-tcp-max='524288'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-ct-timeout-regular-any='1m0s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-ct-timeout-regular-tcp='2h13m20s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-ct-timeout-regular-tcp-fin='10s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-ct-timeout-regular-tcp-syn='1m0s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-ct-timeout-service-any='1m0s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-ct-timeout-service-tcp='2h13m20s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-ct-timeout-service-tcp-grace='1m0s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-events-drop-enabled='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-events-policy-verdict-enabled='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-events-trace-enabled='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-filter-priority='1'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-fragments-map-max='8192'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-lb-acceleration='disabled'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-lb-affinity-map-max='0'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-lb-algorithm='random'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-lb-dsr-dispatch='opt'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-lb-dsr-l4-xlate='frontend'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-lb-external-clusterip='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-lb-maglev-hash-seed='JLfvgnHc2kaSUFaI'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-lb-maglev-map-max='0'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-lb-maglev-table-size='16381'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-lb-map-max='65536'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-lb-mode='snat'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-lb-rev-nat-map-max='0'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-lb-rss-ipv4-src-cidr=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-lb-rss-ipv6-src-cidr=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-lb-service-backend-map-max='0'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-lb-service-map-max='0'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-lb-sock='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-lb-sock-hostns-only='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-lb-sock-terminate-pod-connections='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-lb-source-range-map-max='0'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-map-dynamic-size-ratio='0.0025'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-map-event-buffers=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-nat-global-max='524288'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-neigh-global-max='524288'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-node-map-max='16384'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-policy-map-full-reconciliation-interval='15m0s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-policy-map-max='16384'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-root='/sys/fs/bpf'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bpf-sock-rev-map-max='262144'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --bypass-ip-availability-upon-restore='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --certificates-directory='/certs'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --cflags=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --cgroup-root='/run/cilium/cgroupv2'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --clean-cilium-bpf-state='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --clean-cilium-state='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --cluster-health-port='4240'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --cluster-id='0'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --cluster-name='poc-cluster'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --cluster-pool-ipv4-cidr='10.0.0.0/8'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --cluster-pool-ipv4-mask-size='24'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --clustermesh-config=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --clustermesh-ip-identities-sync-timeout='1m0s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --clustermesh-sync-timeout='1m0s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --cmdref=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --cni-chaining-mode='none'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --cni-chaining-target=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --cni-exclusive='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --cni-external-routing='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --cni-log-file='/opt/bitnami/cilium/var/run/cni.log'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --cni-uninstall='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --config=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --config-dir='/opt/bitnami/cilium/conf'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --config-sources='config-map:sys-cilium/cilium'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --conntrack-gc-interval='0s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --conntrack-gc-max-interval='0s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --container-ip-local-reserved-ports='auto'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --controller-group-metrics=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --crd-wait-timeout='5m0s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --custom-cni-conf='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --datapath-mode='veth'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --debug='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --debug-verbose=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --derive-masq-ip-addr-from-device=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --devices=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --direct-routing-device=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --direct-routing-skip-unreachable='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --disable-endpoint-crd='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --disable-envoy-version-check='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --disable-external-ip-mitigation='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --disable-iptables-feeder-rules=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --dns-max-ips-per-restored-rule='1000'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --dns-policy-unload-on-shutdown='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --dnsproxy-concurrency-limit='0'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --dnsproxy-concurrency-processing-grace-period='0s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --dnsproxy-enable-transparent-mode='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --dnsproxy-insecure-skip-transparent-mode-check='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --dnsproxy-lock-count='131'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --dnsproxy-lock-timeout='500ms'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --dnsproxy-socket-linger-timeout='10'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --egress-gateway-policy-map-max='16384'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --egress-gateway-reconciliation-trigger-interval='1s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --egress-masquerade-interfaces=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --egress-multi-home-ip-rule-compat='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-active-connection-tracking='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-auto-protect-node-port-range='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-bandwidth-manager='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-bbr='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-bgp-control-plane='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-bpf-clock-probe='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-bpf-masquerade='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-bpf-tproxy='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-cilium-api-server-access='*'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-cilium-endpoint-slice='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-cilium-health-api-server-access='*'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-custom-calls='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-encryption-strict-mode='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-endpoint-health-checking='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-endpoint-routes='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-envoy-config='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-external-ips='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-gateway-api='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-health-check-loadbalancer-ip='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-health-check-nodeport='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-health-checking='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-high-scale-ipcache='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-host-firewall='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-host-legacy-routing='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-host-port='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-hubble='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-hubble-recorder-api='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-icmp-rules='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-identity-mark='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-ingress-controller='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-ip-masq-agent='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-ipip-termination='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-ipsec='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-ipsec-encrypted-overlay='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-ipsec-key-watcher='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-ipsec-xfrm-state-caching='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-ipv4='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-ipv4-big-tcp='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-ipv4-egress-gateway='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-ipv4-fragment-tracking='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-ipv4-masquerade='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-ipv6='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-ipv6-big-tcp='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-ipv6-masquerade='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-ipv6-ndp='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-k8s='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-k8s-api-discovery='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-k8s-endpoint-slice='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-k8s-networkpolicy='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-k8s-terminating-endpoint='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-l2-announcements='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-l2-neigh-discovery='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-l2-pod-announcements='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-l7-proxy='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-local-node-route='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-local-redirect-policy='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-masquerade-to-route-source='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-mke='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-monitor='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-nat46x64-gateway='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-node-port='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-node-selector-labels='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-pmtu-discovery='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-policy='default'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-recorder='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-route-mtu-for-cni-chaining='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-runtime-device-detection='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-sctp='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-service-topology='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-session-affinity='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-srv6='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-stale-cilium-endpoint-cleanup='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-svc-source-range-check='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-tcx='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-tracing='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-unreachable-routes='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-vtep='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-well-known-identities='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-wireguard='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-wireguard-userspace-fallback='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-xdp-prefilter='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --enable-xt-socket-fallback='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --encrypt-interface=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --encrypt-node='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --encryption-strict-mode-allow-remote-node-identities='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --encryption-strict-mode-cidr=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --endpoint-bpf-prog-watchdog-interval='30s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --endpoint-gc-interval='5m0s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --endpoint-queue-size='25'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --envoy-base-id='0'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --envoy-config-retry-interval='15s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --envoy-config-timeout='2m0s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --envoy-keep-cap-netbindservice='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --envoy-log=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --envoy-secrets-namespace=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --etcd-config='---,endpoints:,-,http://cilium-etcd:2379'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --exclude-local-address=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --exclude-node-label-patterns=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --external-envoy-proxy='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --fixed-identity-mapping=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --force-device-detection='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --fqdn-regex-compile-lru-size='1024'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --gateway-api-secrets-namespace=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --gops-port='9890'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --http-idle-timeout='0'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --http-max-grpc-timeout='0'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --http-normalize-path='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --http-request-timeout='3600'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --http-retry-count='3'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --http-retry-timeout='0'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --hubble-disable-tls='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --hubble-drop-events='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --hubble-drop-events-interval='2m0s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --hubble-drop-events-reasons='auth_required,policy_denied'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --hubble-event-buffer-capacity='4095'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --hubble-event-queue-size='0'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --hubble-export-allowlist=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --hubble-export-denylist=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --hubble-export-fieldmask=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --hubble-export-file-compress='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --hubble-export-file-max-backups='5'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --hubble-export-file-max-size-mb='10'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --hubble-export-file-path=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --hubble-flowlogs-config-path=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --hubble-listen-address=':4244'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --hubble-metrics=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --hubble-metrics-server=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --hubble-monitor-events=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --hubble-prefer-ipv6='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --hubble-recorder-sink-queue-size='1024'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --hubble-recorder-storage-path='/var/run/cilium/pcaps'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --hubble-redact-enabled='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --hubble-redact-http-headers-allow=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --hubble-redact-http-headers-deny=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --hubble-redact-http-urlquery='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --hubble-redact-http-userinfo='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --hubble-redact-kafka-apikey='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --hubble-skip-unknown-cgroup-ids='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --hubble-socket-path='/opt/bitnami/cilium/var/run/hubble.sock'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --hubble-tls-cert-file='/certs/hubble/tls.crt'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --hubble-tls-client-ca-files='/certs/hubble/ca.crt'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --hubble-tls-key-file='/certs/hubble/tls.key'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --identity-allocation-mode='crd'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --identity-change-grace-period='5s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --identity-restore-grace-period='30s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --ingress-secrets-namespace=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --install-iptables-rules='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --install-no-conntrack-iptables-rules='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --ip-masq-agent-config-path='/etc/config/ip-masq-agent'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --ipam='cluster-pool'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --ipam-cilium-node-update-rate='15s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --ipam-default-ip-pool='default'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --ipam-multi-pool-pre-allocation=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --ipsec-key-file=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --ipsec-key-rotation-duration='5m0s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --iptables-lock-timeout='5s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --iptables-random-fully='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --ipv4-native-routing-cidr=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --ipv4-node='auto'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --ipv4-pod-subnets=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --ipv4-range='auto'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --ipv4-service-loopback-address='169.254.42.1'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --ipv4-service-range='auto'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --ipv6-cluster-alloc-cidr='f00d::/64'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --ipv6-mcast-device=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --ipv6-native-routing-cidr=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --ipv6-node='auto'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --ipv6-pod-subnets=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --ipv6-range='auto'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --ipv6-service-range='auto'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --join-cluster='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --k8s-api-server=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --k8s-client-burst='0'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --k8s-client-connection-keep-alive='30s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --k8s-client-connection-timeout='30s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --k8s-client-qps='0'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --k8s-heartbeat-timeout='30s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --k8s-kubeconfig-path=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --k8s-namespace='sys-cilium'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --k8s-require-ipv4-pod-cidr='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --k8s-require-ipv6-pod-cidr='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --k8s-service-cache-size='128'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --k8s-service-proxy-name=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --k8s-sync-timeout='3m0s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --k8s-watcher-endpoint-selector='metadata.name!=kube-scheduler,metadata.name!=kube-controller-manager,metadata.name!=etcd-operator,metadata.name!=gcp-controller-manager'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --keep-config='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --kube-proxy-replacement='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --kube-proxy-replacement-healthz-bind-address=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --kvstore=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --kvstore-connectivity-timeout='2m0s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --kvstore-lease-ttl='15m0s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --kvstore-max-consecutive-quorum-errors='2'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --kvstore-opt='{\"etcd.config\":,\"/opt/bitnami/cilium/var/lib/etcd/etcd.config\"}'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --kvstore-periodic-sync='5m0s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --l2-announcements-lease-duration='15s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --l2-announcements-renew-deadline='5s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --l2-announcements-retry-period='2s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --l2-pod-announcements-interface=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --label-prefix-file=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --labels=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --lib-dir='/opt/bitnami/cilium/var/lib'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --local-max-addr-scope='252'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --local-router-ipv4=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --local-router-ipv6=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --log-driver=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --log-opt=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --log-system-load='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --max-connected-clusters='255'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --max-controller-interval='0'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --max-internal-timer-delay='0s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --mesh-auth-enabled='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --mesh-auth-gc-interval='5m0s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --mesh-auth-mutual-connect-timeout='5s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --mesh-auth-mutual-listener-port='0'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --mesh-auth-queue-size='1024'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --mesh-auth-rotated-identities-queue-size='1024'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --mesh-auth-signal-backoff-duration='1s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --mesh-auth-spiffe-trust-domain='spiffe.cilium'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --mesh-auth-spire-admin-socket=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --metrics=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --mke-cgroup-mount=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --monitor-aggregation='medium'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --monitor-aggregation-flags='all'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --monitor-aggregation-interval='5s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --monitor-queue-size='0'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --mtu='0'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --multicast-enabled='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --nat-map-stats-entries='32'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --nat-map-stats-interval='30s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --node-encryption-opt-out-labels='node-role.kubernetes.io/control-plane'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --node-labels=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --node-port-acceleration='disabled'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --node-port-algorithm='random'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --node-port-bind-protection='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --node-port-mode='snat'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --node-port-range='30000,32767'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --nodeport-addresses=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --operator-api-serve-addr=':9234'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --operator-pprof='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --policy-accounting='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --policy-audit-mode='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --policy-cidr-match-mode=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --policy-queue-size='100'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --policy-trigger-interval='1s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --pprof='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --pprof-address='localhost'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --pprof-port='6060'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --preallocate-bpf-maps='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --prepend-iptables-chains='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --procfs='/host/proc'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --prometheus-serve-addr=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --proxy-admin-port='0'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --proxy-connect-timeout='2'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --proxy-gid='1337'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --proxy-idle-timeout-seconds='60'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --proxy-max-connection-duration-seconds='0'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --proxy-max-requests-per-connection='0'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --proxy-portrange-max='20000'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --proxy-portrange-min='10000'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --proxy-prometheus-port='0'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --proxy-xff-num-trusted-hops-egress='0'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --proxy-xff-num-trusted-hops-ingress='0'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --read-cni-conf=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --remove-cilium-node-taints='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --restore='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --route-metric='0'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --routing-mode='tunnel'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --service-no-backend-response='reject'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --set-cilium-is-up-condition='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --set-cilium-node-taints='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --skip-crd-creation='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --socket-path='/opt/bitnami/cilium/var/run/cilium.sock'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --srv6-encap-mode='reduced'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --state-dir='/opt/bitnami/cilium/var/run'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --static-cnp-path=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --synchronize-k8s-nodes='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --tofqdns-dns-reject-response-code='refused'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --tofqdns-enable-dns-compression='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --tofqdns-endpoint-max-ip-per-hostname='50'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --tofqdns-idle-connection-grace-period='0s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --tofqdns-max-deferred-connection-deletes='10000'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --tofqdns-min-ttl='0'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --tofqdns-pre-cache=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --tofqdns-proxy-port='0'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --tofqdns-proxy-response-max-delay='100ms'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --trace-payloadlen='128'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --trace-sock='true'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --tunnel-port='8472'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --tunnel-protocol='vxlan'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --use-cilium-internal-ip-for-ipsec='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --use-full-tls-context='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --version='false'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --vlan-bpf-bypass=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --vtep-cidr=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --vtep-endpoint=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --vtep-mac=''" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --vtep-mask='255.255.255.0'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --wireguard-persistent-keepalive='0s'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="  --write-cni-conf-when-ready='/host/etc/cni/net.d/05-cilium.conflist'" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="     _ _ _" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg=" ___|_| |_|_ _ _____" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="|  _| | | | | |     |" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="|___|_|_|_|___|_|_|_|" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="Cilium 1.16.3  go version go1.23.2 linux/amd64" subsys=daemon
time="2024-11-06T00:05:15Z" level=info msg="Detected mounted BPF filesystem at /sys/fs/bpf" subsys=bpf
time="2024-11-06T00:05:15Z" level=info msg="Mounted cgroupv2 filesystem at /run/cilium/cgroupv2" subsys=cgroups
time="2024-11-06T00:05:15Z" level=info msg="Parsing base label prefixes from default label list" subsys=labels-filter
time="2024-11-06T00:05:15Z" level=info msg="Parsing node label prefixes from user inputs: []" subsys=labels-filter
time="2024-11-06T00:05:15Z" level=info msg="Parsing additional label prefixes from user inputs: []" subsys=labels-filter
time="2024-11-06T00:05:15Z" level=info msg="Final label prefixes to be used for identity evaluation:" subsys=labels-filter
time="2024-11-06T00:05:15Z" level=info msg=" - reserved:.*" subsys=labels-filter
time="2024-11-06T00:05:15Z" level=info msg=" - :io\\.kubernetes\\.pod\\.namespace" subsys=labels-filter
time="2024-11-06T00:05:15Z" level=info msg=" - :io\\.cilium\\.k8s\\.namespace\\.labels" subsys=labels-filter
time="2024-11-06T00:05:15Z" level=info msg=" - :app\\.kubernetes\\.io" subsys=labels-filter
time="2024-11-06T00:05:15Z" level=info msg=" - :io\\.cilium\\.k8s\\.policy\\.cluster" subsys=labels-filter
time="2024-11-06T00:05:15Z" level=info msg=" - !:io\\.kubernetes" subsys=labels-filter
time="2024-11-06T00:05:15Z" level=info msg=" - !:kubernetes\\.io" subsys=labels-filter
time="2024-11-06T00:05:15Z" level=info msg=" - !:statefulset\\.kubernetes\\.io/pod-name" subsys=labels-filter
time="2024-11-06T00:05:15Z" level=info msg=" - !:apps\\.kubernetes\\.io/pod-index" subsys=labels-filter
time="2024-11-06T00:05:15Z" level=info msg=" - !:batch\\.kubernetes\\.io/job-completion-index" subsys=labels-filter
time="2024-11-06T00:05:15Z" level=info msg=" - !:batch\\.kubernetes\\.io/controller-uid" subsys=labels-filter
time="2024-11-06T00:05:15Z" level=info msg=" - !:.*beta\\.kubernetes\\.io" subsys=labels-filter
time="2024-11-06T00:05:15Z" level=info msg=" - !:k8s\\.io" subsys=labels-filter
time="2024-11-06T00:05:15Z" level=info msg=" - !:pod-template-generation" subsys=labels-filter
time="2024-11-06T00:05:15Z" level=info msg=" - !:pod-template-hash" subsys=labels-filter
time="2024-11-06T00:05:15Z" level=info msg=" - !:controller-revision-hash" subsys=labels-filter
time="2024-11-06T00:05:15Z" level=info msg=" - !:controller-uid" subsys=labels-filter
time="2024-11-06T00:05:15Z" level=info msg=" - !:annotation.*" subsys=labels-filter
time="2024-11-06T00:05:15Z" level=info msg=" - !:etcd_node" subsys=labels-filter
time="2024-11-06T00:05:15Z" level=info msg="Final node label prefixes to be used for identity evaluation:" subsys=labels-filter
time="2024-11-06T00:05:16Z" level=error msg="failed to init v1 node map" error="failed to init bpf map: Unable create map base directory /sys/fs/bpf/tc/globals/cilium_node_map: mkdir /sys/fs/bpf/tc: permission denied" subsys=NodeMap
time="2024-11-06T00:05:16Z" level=info msg="Cgroup metadata manager is enabled" subsys=cgroup-manager
time="2024-11-06T00:05:16Z" level=info msg="Spire Delegate API Client is disabled as no socket path is configured" subsys=spire-delegate
time="2024-11-06T00:05:16Z" level=info msg="Mutual authentication handler is disabled as no port is configured" subsys=auth
time=2024-11-06T00:05:16Z level=info msg=Invoked duration=686.200009ms function="cmd.configureAPIServer (cmd/cells.go:273)"
time=2024-11-06T00:05:16Z level=info msg=Starting
time="2024-11-06T00:05:16Z" level=info msg="Started gops server" address="127.0.0.1:9890" subsys=gops
time="2024-11-06T00:05:16Z" level=info msg="Establishing connection to apiserver" host="https://10.240.0.1:443" subsys=k8s-client
time="2024-11-06T00:05:16Z" level=info msg="Connected to apiserver" subsys=k8s-client
time=2024-11-06T00:05:16Z level=error msg="Start hook failed" function="authmap.newAuthMap.func1 (.../maps/authmap/cell.go:28) (agent.datapath.maps.auth-map)" error="failed to init bpf map: Unable create map base directory /sys/fs/bpf/tc/globals/cilium_auth_map: mkdir /sys/fs/bpf/tc: permission denied"
time=2024-11-06T00:05:16Z level=error msg="Start failed" error="failed to init bpf map: Unable create map base directory /sys/fs/bpf/tc/globals/cilium_auth_map: mkdir /sys/fs/bpf/tc: permission denied" duration=10.015813ms
time=2024-11-06T00:05:16Z level=info msg=Stopping
time=2024-11-06T00:05:16Z level=info msg="agent.datapath.sysctl.job-reconcile (rev=4)" module=health
time=2024-11-06T00:05:16Z level=info msg="agent.datapath.sysctl.job-refresh (rev=5)" module=health
time="2024-11-06T00:05:16Z" level=info msg="Stopped gops server" address="127.0.0.1:9890" subsys=gops
time="2024-11-06T00:05:16Z" level=fatal msg="failed to start: failed to init bpf map: Unable create map base directory /sys/fs/bpf/tc/globals/cilium_auth_map: mkdir /sys/fs/bpf/tc: permission denied" subsys=daemon

Additional information

root@master1:~# sysctl -a | grep bpf
kernel.bpf_stats_enabled = 0
kernel.unprivileged_bpf_disabled = 2
net.core.bpf_jit_enable = 1
net.core.bpf_jit_harden = 0
net.core.bpf_jit_kallsyms = 1
net.core.bpf_jit_limit = 528482304
@zentavr zentavr added the tech-issues The user has a technical issue about an application label Nov 6, 2024
@github-actions github-actions bot added the triage Triage is needed label Nov 6, 2024
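Added example (not part of the original issue, nor Cilium or Bitnami code): a triage script run over lines excerpted from the agent log above. It parses the mixed quoted and unquoted key=value records and groups error/fatal entries by the denied syscall and path, which shows that every failure in this log comes down to one `mkdir /sys/fs/bpf/tc`. The names `parse_line` and `triage` are hypothetical.

```python
import re
from collections import defaultdict

# Lines excerpted from the agent log posted in this issue; note that some
# records quote the time= value and some do not, and msg may hold escaped quotes.
SAMPLE_LOG = r'''
time="2024-11-06T00:05:15Z" level=info msg="  --kvstore-opt='{\"etcd.config\":,\"/opt/bitnami/cilium/var/lib/etcd/etcd.config\"}'" subsys=daemon
time="2024-11-06T00:05:16Z" level=error msg="failed to init v1 node map" error="failed to init bpf map: Unable create map base directory /sys/fs/bpf/tc/globals/cilium_node_map: mkdir /sys/fs/bpf/tc: permission denied" subsys=NodeMap
time=2024-11-06T00:05:16Z level=info msg=Starting
time=2024-11-06T00:05:16Z level=error msg="Start hook failed" function="authmap.newAuthMap.func1 (.../maps/authmap/cell.go:28) (agent.datapath.maps.auth-map)" error="failed to init bpf map: Unable create map base directory /sys/fs/bpf/tc/globals/cilium_auth_map: mkdir /sys/fs/bpf/tc: permission denied"
time="2024-11-06T00:05:16Z" level=fatal msg="failed to start: failed to init bpf map: Unable create map base directory /sys/fs/bpf/tc/globals/cilium_auth_map: mkdir /sys/fs/bpf/tc: permission denied" subsys=daemon
'''

# key=value where the value is either a double-quoted string (backslash
# escapes allowed) or a bare token without whitespace.
PAIR = re.compile(r'([A-Za-z_][\w.-]*)=("(?:[^"\\]|\\.)*"|\S*)')
# "<syscall> <path>: permission denied", as the Go error text renders it.
DENIED = re.compile(r'(\w+) (/\S+): permission denied')
# The BPF map directory the agent was trying to create.
MAP_DIR = re.compile(r'map base directory (/\S+):')


def parse_line(line):
    """Split one key=value log line into a dict, honouring quotes and escapes."""
    fields = {}
    for key, raw in PAIR.findall(line):
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            raw = re.sub(r'\\(.)', r'\1', raw[1:-1])  # drop quotes, unescape
        fields[key] = raw
    return fields


def triage(log_text):
    """Group error/fatal records by the (syscall, path) that was denied."""
    groups = defaultdict(lambda: {"maps": set(), "sources": set(), "fatal": False})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("level") not in ("error", "fatal"):
            continue
        # Error records carry the cause in error=, the fatal record in msg=.
        text = rec.get("error") or rec.get("msg", "")
        hit = DENIED.search(text)
        if not hit:
            continue
        group = groups[(hit.group(1), hit.group(2))]
        group["maps"].update(p.rsplit("/", 1)[-1] for p in MAP_DIR.findall(text))
        group["sources"].add(rec.get("subsys") or rec.get("function", "?"))
        group["fatal"] |= rec["level"] == "fatal"
    return dict(groups)


if __name__ == "__main__":
    for (op, path), info in triage(SAMPLE_LOG).items():
        print(f"{op} {path}: denied, fatal={info['fatal']}")
        print("  maps affected:", ", ".join(sorted(info["maps"])))
        print("  reported by:  ", "; ".join(sorted(info["sources"])))
```
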
@zentavr
Author

zentavr commented Nov 6, 2024

At the vendor's helm chart there is a workaround container here, called sysctlfix: https://github.com/cilium/cilium/blob/3a988cd59c83355891f4d61815baf260caf6bf1f/install/kubernetes/cilium/templates/cilium-agent/daemonset.yaml#L527-L572

It uses the binary utility, called /usr/bin/cilium-sysctlfix

@zentavr
Author

zentavr commented Nov 6, 2024

As a workaround, I started the pod in privileged mode. Also, I had to adjust the tolerations for the operator as well.
The values look like this right now:

---
extraDeploy: []
clusterName: poc-cluster

azure:
  enabled: false

aws:
  enabled: false

gcp:
  enabled: false

agent:
  cniPlugin:
    install: true
    uninstall: false
  resources:
    requests:
      cpu: 250m
      memory: 256Mi
    limits:
      cpu: 375m
      memory: 384Mi
  tolerations:
    - operator: Exists
  containerSecurityContext:
    enabled: true
    ## Running with spc_t type (designed for privileged operations, check capabilities)
    ## since the container is not executed as a privileged container by default. This
    ## should prevent issues with SELinux policies.
    seLinuxOptions:
      level: 's0'
      type: 'spc_t'
    runAsUser: 0
    runAsGroup: 0
    runAsNonRoot: false
    readOnlyRootFilesystem: true
    # > Changed
    privileged: true
    # > Changed
    allowPrivilegeEscalation: true
    capabilities:
      add:
        - BPF
        - CHOWN
        - DAC_OVERRIDE
        - FOWNER
        - KILL
        - NET_ADMIN
        - NET_RAW
        - IPC_LOCK
        - PERFMON
        - SETGID
        - SETUID
        - SYS_ADMIN
        - SYS_MODULE
        - SYS_RESOURCE
      drop: [ "ALL" ]
    seccompProfile:
      type: "RuntimeDefault"

operator:
  replicaCount: 1
  resources:
    requests:
      cpu: 250m
      memory: 256Mi
    limits:
      cpu: 375m
      memory: 384Mi
  tolerations:
    - operator: Exists

envoy:
  useDaemonSet: false
  resources:
    requests:
      cpu: 250m
      memory: 256Mi
    limits:
      cpu: 375m
      memory: 384Mi

hubble:
  tls:
    enabled: true
  relay:
    enabled: true
    replicaCount: 1
    resources:
      requests:
        cpu: 100m
        memory: 128Mi
      limits:
        cpu: 150m
        memory: 192Mi
  ui:
    enabled: true
    replicaCount: 1
    service:
      #type: LoadBalancer
      type: ClusterIP
      annotations: {}
    ingress:
      enabled: false
      pathType: ImplementationSpecific
      hostname: hubble.local
      ingressClassName: ""
      path: /
      annotations: {}
      tls: false
      selfSigned: false
    frontend:
      resources:
        requests:
          cpu: 100m
          memory: 128Mi
        limits:
          cpu: 150m
          memory: 192Mi
    backend:
      resources:
        requests:
          cpu: 100m
          memory: 128Mi
        limits:
          cpu: 150m
          memory: 192Mi

etcd:
  enabled: true
  replicaCount: 3

@github-actions github-actions bot removed the triage Triage is needed label Nov 6, 2024
@github-actions github-actions bot assigned dgomezleon and unassigned javsalgar Nov 6, 2024
@dgomezleon
Member

> At the vendor's helm chart there is a workaround container here, called sysctlfix: https://github.com/cilium/cilium/blob/3a988cd59c83355891f4d61815baf260caf6bf1f/install/kubernetes/cilium/templates/cilium-agent/daemonset.yaml#L527-L572
>
> It uses the binary utility, called /usr/bin/cilium-sysctlfix

Hi @zentavr

Did you check if this works for you? In that case, it would be great if you could create a pull request adding this. The Bitnami team would be excited to review your submission and offer feedback. You can find the contributing guidelines here.

@zentavr
Author

zentavr commented Nov 6, 2024

Hello @dgomezleon

The container should contain that certain binary and I have no idea if it is present in Bitnami’s images.

@zentavr
Author

zentavr commented Nov 6, 2024

That binary is present inside the container, so technically what is needed is to adjust the helm chart:

root@worker1:/# ls -la /opt/bitnami/cilium/bin/
total 300168
drwxr-xr-x 2 root root      4096 Oct 16 09:18 .
drwxr-xr-x 1 root root      4096 Nov  6 02:24 ..
lrwxrwxrwx 1 root root        10 Oct 16 09:02 cilium -> cilium-dbg
-rwxr-xr-x 1 root root 106896016 Oct 16 09:03 cilium-agent
-rwxr-xr-x 1 root root  16785944 Oct 16 09:03 cilium-bugtool
-rwxr-xr-x 1 root root  75493192 Oct 16 09:03 cilium-dbg
-rwxr-xr-x 1 root root  59857272 Oct 16 09:03 cilium-docker
-rwxr-xr-x 1 root root  15817816 Oct 16 09:03 cilium-health
-rwxr-xr-x 1 root root   5196088 Oct 16 09:03 cilium-health-responder
-rwxr-xr-x 1 root root   2039352 Oct 16 09:03 cilium-mount
-rwxr-xr-x 1 root root   2663448 Oct 16 09:03 cilium-sysctlfix
-rwxr-xr-x 1 root root  19906712 Oct 16 09:02 hubble
-rwxr-xr-x 1 root root   2678776 Oct 16 09:03 loopback

@dgomezleon
Member

dgomezleon commented Nov 7, 2024

Sorry @zentavr,

I did not notice that. I will create a task to add this logic.

@dgomezleon dgomezleon changed the title Cilium agent cannot start if installing in the fresh cluster (Ubuntu 22.04.1 nodes) Cilium agent cannot start if installing in the fresh cluster (Ubuntu 24.04.1 nodes) Nov 7, 2024
@zentavr
Author

zentavr commented Nov 7, 2024

@dgomezleon it’s there actually as I had said.

@dgomezleon
Member

> @dgomezleon it’s there actually as I had said.

Yes @zentavr. I created a task to update the chart logic for these cases.


This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

@github-actions github-actions bot added the stale 15 days without activity label Nov 24, 2024
@zentavr
Author

zentavr commented Nov 24, 2024

The issue is not resolved.

@github-actions github-actions bot removed the stale 15 days without activity label Nov 25, 2024

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

@github-actions github-actions bot added the stale 15 days without activity label Dec 10, 2024

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.

@bitnami-bot bitnami-bot closed this as not planned Dec 15, 2024