A referenced Secret was not found
Production Risk
The application cannot start, leading to an outage. This is a critical configuration error, especially for applications that require secrets to connect to databases or other services.
A pod fails to start because it references a Secret that does not exist in the same namespace. This prevents the pod's containers from being created and started.
- 1The Secret was not created before the pod that depends on it
- 2There is a typo in the Secret's name in the pod manifest
- 3The Secret was created in a different namespace from the pod
A pod deployment fails, and the pod's events log shows a 'CreateContainerConfigError' with a 'secret not found' message.
kubectl describe pod my-secure-app-pod
expected output
Events: Type Reason Age From Message ---- ------ ---- ---- ------- Warning Failed 45s (x5 over 2m) kubelet Error: CreateContainerConfigError: secret "db-credentials" not found
Fix 1
Check if the Secret exists
WHEN The error message names the missing Secret
kubectl get secret db-credentials -n my-app-namespace
Why this works
This command verifies whether the Secret exists in the expected namespace. If it's not found, you either need to create it or correct the pod's volume mount definition.
Fix 2
Create the Secret
WHEN The Secret is confirmed to be missing
kubectl create secret generic db-credentials --from-literal=password=supersecret -n my-app-namespace
Why this works
This command creates a new Secret with the required name and data, which will allow the waiting pod to successfully mount it and start.
✕ Mark the secret volume mount as optional
This will allow the pod to start, but the application is almost certain to fail if it relies on the credentials or tokens from the Secret. It hides the configuration error.
k8s.io/kubernetes/pkg/kubelet/kubelet_pods.go
Content generated with AI assistance and reviewed for accuracy. Found an error? hello@errcodes.dev