Skip to main content

Pod Status: Stuck in ContainerCreating

Unless this lasts longer than a few minutes, this is normal. It just means the pod has been scheduled on a node and the node is attempting to launch the container on the pod. If the pod is stuck in this phase for a while, describe the pod events to see what is holding it up.

# Get pod events
kubectl describe pod ${POD_NAME} -n ${NAMESPACE}

Failed To Attach Volume

The persistent volume your pod requires is currently attached to one of the old pods. Identify the old pod that is attached to the relevant volume and delete the pod. DO NOT DELETE THE VOLUME OR YOU WILL LOSE THAT DATA.

# Get the requested volumes for the pod and look for any `persistentVolumeClaim`s and take note of the `claimName`
kubectl get pod ${POD_NAME} -n ${NAMESPACE} -o yaml | yq '.spec.volumes'

# Visually inspect and find the other pod with the same PVC
kubectl get pods -n ${NAMESPACE} -o yaml | yq  '.items | map({"name": .metadata.name, "volumes": .spec.volumes})'

# Delete the other pod, once identified
kubectl delete pod ${OLD_POD_NAME} -n ${NAMESPACE}

Secret Does Not Exist

The cluster is failing to pull the specified secret from your cloud provider's secretsmanager (e.g. KeyVault in Azure). Describe the ExternalSecret for the relevant secret.

# Get ExternalSecret events
# This will tell you what is wrong with the secret on your cloud provider.
# If this mentions a problem with the SecretStore, try the appropriate crossplane command below.
kubectl describe externalsecret ${SECRET_NAME} -n ${NAMESPACE}

# Azure-specific. Run the following and troubleshoot as necessary.
crossplane beta trace AzureKeyVault ${NAMESPACE} -n ${NAMESPACE}

Troubleshoot the above crossplane commands according to Crossplane Issues.

Common ContainerCreating Issues

Event MessageLikely CauseAction
FailedAttachVolumePVC attached elsewhereFind and delete conflicting pod
FailedMountSecret or ConfigMap missingCheck if resource exists
NetworkNotReadyCNI not initializedCheck node networking
ImagePullBackOffSee ImagePullBackOffCheck image and credentials