Introduction ImagePullBackOff means Kubernetes cannot pull the container image. This is one of the most common pod failures and is caused by authentication issues with private registries, incorrect image names/tags, or network problems reaching the registry.
Symptoms - `kubectl get pods` shows STATUS = ImagePullBackOff or ErrImagePull - `kubectl describe pod` shows: "Failed to pull image: unauthorized" or "manifest unknown" - Events show: "Back-off pulling image" - Pod remains in Pending state indefinitely
Common Causes - Missing imagePullSecrets in pod spec - ImagePullSecret expired (Docker Hub token, ECR credentials) - Image tag does not exist or was deleted - Typo in image name or registry URL - Network policy blocking access to container registry
Step-by-Step Fix 1. **Check pod events for specific error**: ```bash kubectl describe pod <pod-name> -n <namespace> # Look at Events section for exact pull error ```
- 1.Verify imagePullSecrets exist:
- 2.```bash
- 3.kubectl get secret regcred -n <namespace>
- 4.kubectl get serviceaccount default -n <namespace> -o jsonpath='{.imagePullSecrets}'
- 5.
` - 6.Create or update imagePullSecret:
- 7.```bash
- 8.kubectl create secret docker-registry regcred \
- 9.--docker-server=myregistry.example.com \
- 10.--docker-username=myuser --docker-password=mypass \
- 11.--namespace <namespace>
- 12.
` - 13.Verify the image exists and tag is correct:
- 14.```bash
- 15.docker pull myregistry.example.com/my-app:v1.2.3
- 16.
` - 17.Fix the deployment image reference:
- 18.```bash
- 19.kubectl set image deployment/my-app my-container=myregistry.example.com/my-app:v1.2.3 -n <namespace>
- 20.
`