Kind (Kubernetes) cluster throwing ImagePullBackOff error

Question

I need to pull the image from public docker repository i.e hello-world:latest and run that image on kubernetes. I created cluster using Kind . I ran that image using the below command

kubectl run test-pod --image=hello-world

Then I did

kubectl describe pods 

to get the status of the pods. It threw me ImagePullBackOff error . Please find the snapshot below. It seems there is some network issue when pulling the image using kind cluster. Although I am able to pull image from docker easily .

Have searched the whole internet regarding this issue but nothing worked out. Following is my pod specification :

apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2022-05-16T15:01:17Z"
  labels:
    run: test-pod
  name: test-pod
  namespace: default
  resourceVersion: "4370"
  uid: 6ef121e2-805b-4022-9a13-c17c031aea88
spec:
  containers:
  - image: hello-world
    imagePullPolicy: Always
    name: test-pod
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: kube-api-access-jjsmp
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  nodeName: kind-control-plane
  preemptionPolicy: PreemptLowerPriority
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: kube-api-access-jjsmp
    projected:
      defaultMode: 420
      sources:
      - serviceAccountToken:
          expirationSeconds: 3607
          path: token
      - configMap:
          items:
          - key: ca.crt
            path: ca.crt
          name: kube-root-ca.crt
      - downwardAPI:
          items:
          - fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
            path: namespace
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2022-05-16T15:01:17Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2022-05-16T15:01:17Z"
    message: 'containers with unready status: [test-pod]'
    reason: ContainersNotReady
    status: "False"
    type: Ready
containerStatuses:
  - image: hello-world
    imageID: ""
    lastState: {}
    name: test-pod
    ready: false
    restartCount: 0
    started: false
    state:
      waiting:
        message: Back-off pulling image "hello-world"
        reason: ImagePullBackOff
  hostIP: 172.18.0.2
  phase: Pending
  podIP: 10.244.0.5
  podIPs:
  - ip: 10.244.0.5
  qosClass: BestEffort
  startTime: "2022-05-16T15:01:17Z"

Answer 1

The ImagePullBackOff error means that Kubernetes couldn't pull the image from the registry and will keep trying to pull the image until it reaches a compiled-in limit of 300 seconds (5 minutes). This issue could happen because Kubernetes is facing one of the following conditions:

• You have exceeded the rate or download limit on the registry.
• The image registry requires authentication.
• There is a typo in the image name or tag.
• The image or tag does not exist.

You can start reviewing if you can pull the image locally or try to ssh jumping on the node and run docker pull and get the image directly.

If you still can't pull the image, another option is to add 8.8.8.8 to /etc/resolv.conf.

Update: To avoid exposing your kind cluster to the internet try to pull the image locally at your PC by manually specifying a new path from a different registry.

Sample:

docker pull myregistry.local:5000/testing/test-image