233

A pod in my Kubernetes cluster is stuck on "ContainerCreating" after running a create. How do I see logs for this operation in order to diagnose why it is stuck? kubectl logs doesn't seem to work since the container needs to be in a non-pending state.

four43
  • 2,575
  • 2
  • 14
  • 17
  • https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase is the documentation on the possible phases. Unfortunately it doesn't include `ContainerCreating`... – Xiong Chiamiov Jul 19 '17 at 21:46
  • 2
    Usually when I get this issue it's because the appropriate secrets aren't created - `kubectl describe pods *pod_name*` will reveal if this is the cause - look at the 'events' listed at the bottom of the output. Tip - to get the *pod_name* use `kubectl get pods`, and copy the name of the pod you want to inspect. – Chris Halcrow Oct 07 '20 at 23:16

5 Answers5

279

kubectl describe pods will list some (probably most but not all) of the events associated with the pod, including pulling of images, starting of containers.

Chris Stryczynski
  • 1,176
  • 2
  • 15
  • 23
Sreekanth Pothanis
  • 2,986
  • 1
  • 10
  • 3
  • 8
    what if the container stuck at ContainerCreating without any events? for me the events is shown as "No events." – Bob May 26 '16 at 02:30
  • 1
    Some events seem to take a while to show up. For example a timeout attempting to mount a disk for me takes about 2 minutes before it shows up as an event. – jwadsack Jul 28 '16 at 18:49
  • 16
    It happens when you are using secrets and they are not found (like a typo in the yaml or you forgot to create it before). For the almost all other possible errors it gets CrashLoopback or Error states but with secrets it just gets stuck in ContainerCreating, if you describe the pod then you'll see at the very end a message saying the secret was not found, but it barely says nothing about the problem. – danius Oct 31 '16 at 20:53
  • Yeah usually you don't have any events before he starts doing something. – erikbstack May 10 '17 at 14:44
  • When the image being pulled from docker hub is relatively large, The pod status can be stuck at ContainerCreating for a while before changing state to Running. In my case, i just waited for a little longer and the state changed to running – Andrew Mititi Sep 07 '21 at 08:31
48

More info could be provided in the events.

kubectl get events --all-namespaces  --sort-by='.metadata.creationTimestamp'

However do note that sorting events might not work correctly due to this bug: https://github.com/kubernetes/kubernetes/issues/29838

Alternatively:

As of Kubernetes 1.18 all new objects have metadata for server-side apply, which gives us a new way to sort events:

kubectl get events --sort-by=".metadata.managedFields[0].time"

From: https://github.com/kubernetes/kubernetes/issues/29838#issuecomment-789660546

In my case I had an event relating to a pod:

default       13s         Warning   FailedMount               Pod          Unable to mount volumes for pod "restore-db-123-1-5f24s_default(9b7df264-2976-11ea-bb8f-42010a9a002c)": timeout expired waiting for volumes to attach or mount for pod "default"/"restore-db-123-1-5f24s". list of unmounted volumes=[nfsv]. list of unattached volumes=[nfsv default-token-hxrng]
Chris Stryczynski
  • 1,176
  • 2
  • 15
  • 23
  • Thank you for this! I was trying to use container logs using the GKE-provided queries, but I suspect my filters were too tight. This command helped me isolate what exactly was happening. (I was forgetting to build the configmap, derp.) – ingernet Oct 09 '20 at 01:26
  • Nice tip on --sort-by :) – Alexandre Mulatinho Jul 06 '21 at 20:16
  • 1
    Much better than accepted answer for my case. Actually showed that I ran out of disk space helping me pinpoint the issue real quick. Thanks!! – shriek Jan 17 '22 at 08:46
7

In my case, docker's access to internet was blocked. It was solved using a proxy (using sandylss's comment):

  1. minikube stop
  2. minikube delete
  3. export http_proxy=http://user:pass@ip:port
  4. export https_proxy=http://user:pass@ip:port
  5. export no_proxy=192.168.99.0/24
  6. minikube start --logtostderr --v=0 --bootstrapper=localkube --vm-driver hyperv 
  --hyperv-virtual-switch "Primary Virtual Switch" --docker-env HTTP_PROXY=$http_proxy \
  --docker-env HTTPS_PROXY=$https_proxy --docker-env NO_PROXY=$no_proxy
  7. export no_proxy=$no_proxy,$(minikube ip)
  8. export NO_PROXY=$no_proxy,$(minikube ip)

Then, to check if docker has access to internet, run:

$ docker pull tutum/hello-world

in the cluster (connect to the cluster using minikube ssh); stop the process if it starts downloading.

My second problem was slow internet connection. Since the required docker images are on the order of 100MB, both docker containers and Kubernetes pods remained in \pause and ContainerCreating states for 30 minutes.

To check if docker is downloading the images, run:

$ ls -l /var/lib/docker/tmp

in the cluster, which shows the temporary image file[s] that are being downloaded, empty otherwise.

If you are developing in minikube and using VPN, docker can use your VPN via fiddler. That is, docker will be connected to fiddler's ip:port, and fiddler is connected to the VPN. Otherwise, VPN is not shared between your host and minikube VM.

slm
  • 7,355
  • 16
  • 54
  • 72
Esmailian
  • 181
  • 1
  • 2
  • 3
  • Got bit by this bug today. Still not sure what caused it though. Things were working fine one minute and the next, this issue cropped up. Thank you for the fix. It worked for me. – Jim Oct 31 '18 at 06:45
3

The one time I hit this was because my resource declarations were accidentally very very small.

resources: limits: cpu: 1000m memory: 1024M requests: cpu: 1000m memory: 1024M

vs

resources: limits: cpu: 1000m memory: 1024m requests: cpu: 1000m memory: 1024m

capitalizing that m makes a very large difference in resource use. I was stuck on ContainerCreating because I had not given enough memory to my container.

Luis Felipe Moura Pereira De S
  • 31
  • 2
2

In my case, a pod was stuck at 'ContainerCreating' because a docker image pull was hung (some layers were downloaded, some were stuck at "downloading").

$ kubectl get events --all-namespaces  --sort-by='.metadata.creationTimestamp'

showed an event "Pulling image"

Tried to pull that image using docker image pull... and saw that it was hanging.

It turned out that there is a bug in concurrent pulls of layers. Changing docker config to limit concurrency solved the problem.

Added this to docker config (on windows, docker-desktop UI, settings, Docker Engine) to limit concurrency:

  "max-concurrent-downloads": 1,
  "max-concurrent-uploads": 1
Tej Arora
  • 21
  • 1