CNI plugin not ready — pods cannot get network interfaces
Production Risk
All pods on the affected node cannot obtain network interfaces; no new pods can start on that node.
NetworkNotReady means the Container Network Interface (CNI) plugin on a node has not reported ready, or is not installed. Pods scheduled to this node will be stuck in ContainerCreating because kubelet cannot set up network namespaces or assign IP addresses. This typically occurs during node bootstrap, after a CNI plugin crash, or when the CNI binary is missing.
- 1CNI plugin DaemonSet pod is not running on the node (crash, eviction, pending)
- 2CNI configuration files are missing from /etc/cni/net.d/ on the node
- 3CNI binary is not present in /opt/cni/bin/ on the node
- 4Node just joined the cluster and CNI DaemonSet has not yet been scheduled
Pods on a specific node are stuck in ContainerCreating; node may show NetworkUnavailable=True.
kubectl describe node mynode | grep -A 5 "Conditions:" # NetworkUnavailable True ... CniPluginUninitialized kubectl get pods -n kube-system -o wide | grep cni | grep mynode
expected output
NetworkUnavailable True ... CniPluginUninitialized
Fix 1
Check CNI DaemonSet pod on the affected node
WHEN Pods on one node are stuck in ContainerCreating
kubectl get pods -n kube-system -o wide | grep -E "calico|flannel|weave|cilium" | grep mynode kubectl describe pod <cni-pod-name> -n kube-system
Why this works
Identifies whether the CNI DaemonSet pod is running on the affected node.
Fix 2
Reinstall or restart the CNI plugin
WHEN CNI pod is crashing or missing
# Delete the crashing CNI pod to trigger a restart kubectl delete pod <cni-pod-name> -n kube-system # For Calico kubectl rollout restart daemonset calico-node -n kube-system
Why this works
Forces the DaemonSet to recreate the CNI pod on the node, re-initialising the network plugin.
Kubernetes Documentation
Content generated with AI assistance and reviewed for accuracy. Found an error? hello@errcodes.dev