CreateContainerConfigError means Kubernetes cannot generate container configuration, usually due to missing ConfigMaps, Secrets, or invalid references. Verify all referenced resources exist.
CreateContainerConfigError occurs when Kubernetes fails to generate or validate the configuration for a container before creation. Unlike CreateContainerError (failure during creation), this error indicates the configuration itself is invalid or incomplete. The most common cause is referencing a ConfigMap or Secret that doesn't exist in the namespace. Kubernetes cannot build the container's environment variables or volume mounts without these resources, so container creation fails before it begins.
Check pod events for the specific error:
kubectl describe pod <pod-name>Look for messages like:
- "Error: configmap \"my-config\" not found"
- "Error: secret \"my-secret\" not found"
- "Error: couldn't find key my-key in ConfigMap"
The message tells you exactly what's missing.
Check if the ConfigMap exists in the correct namespace:
# List ConfigMaps
kubectl get configmaps
# Check specific ConfigMap
kubectl get configmap <name> -o yaml
# Verify the data keys
kubectl get configmap <name> -o jsonpath='{.data}'If missing, create it:
kubectl create configmap my-config --from-literal=key1=value1
# or from file
kubectl create configmap my-config --from-file=config.propertiesCheck if the Secret exists:
# List Secrets
kubectl get secrets
# Check specific Secret (data is base64 encoded)
kubectl get secret <name> -o yaml
# Decode a value
kubectl get secret <name> -o jsonpath='{.data.password}' | base64 -dIf missing, create it:
kubectl create secret generic my-secret --from-literal=password=secret123Review what resources the pod expects:
kubectl get pod <pod-name> -o yaml | grep -A 10 envFrom
kubectl get pod <pod-name> -o yaml | grep -A 10 configMapRef
kubectl get pod <pod-name> -o yaml | grep -A 10 secretRef
kubectl get pod <pod-name> -o yaml | grep -A 10 configMapKeyRefEnsure names match exactly (case-sensitive) and keys exist within the referenced resources.
ConfigMaps and Secrets are namespace-scoped:
# Check pod's namespace
kubectl get pod <pod-name> -o jsonpath='{.metadata.namespace}'
# Ensure ConfigMap is in same namespace
kubectl get configmap <name> -n <namespace>If deploying to different namespaces, create the ConfigMap/Secret in each namespace or use a tool like Sealed Secrets to sync them.
Prevent this error with validation:
# Dry run to catch errors
kubectl apply --dry-run=client -f pod.yaml
# Check if resources exist before deploying
kubectl get configmap my-config || echo "ConfigMap missing!"
kubectl get secret my-secret || echo "Secret missing!"In CI/CD, deploy ConfigMaps and Secrets before Deployments, or use Helm/Kustomize to manage dependencies.
Optional vs Required references:
# Required - pod fails if missing
envFrom:
- configMapRef:
name: my-config
# Optional - pod starts without it
envFrom:
- configMapRef:
name: my-config
optional: trueUse optional: true for non-critical configuration to prevent startup failures.
For GitOps workflows, ensure ConfigMaps/Secrets are synced before Deployments by using sync waves (ArgoCD) or dependencies (Flux).
When using external secret managers (HashiCorp Vault, AWS Secrets Manager), ensure the External Secrets Operator has synced secrets before pods deploy. Add proper health checks or init containers to wait for secrets.
No subnets found for EKS cluster
How to fix "eks subnet not found" in Kubernetes
unable to compute replica count
How to fix "unable to compute replica count" in Kubernetes HPA
error: context not found
How to fix "error: context not found" in Kubernetes
default backend - 404
How to fix "default backend - 404" in Kubernetes Ingress
serviceaccount cannot list resource
How to fix "serviceaccount cannot list resource" in Kubernetes