Skip to content
Fix These Errors
Error: CreateContainerConfigError

Error: CreateContainerConfigError

DodaTech 3 min read

The “CreateContainerConfigError” error means Kubernetes pulled the image but cannot start the container because a referenced ConfigMap or Secret is missing.

What It Means

The kubelet has pulled the image and is ready to start the container, but it cannot resolve a configuration dependency. Usually this is a ConfigMap or Secret that the pod spec references but doesn’t exist in the namespace. Kubernetes cannot create the container without these configuration values.

Why It Happens

  • A ConfigMap referenced via configMapKeyRef in an environment variable doesn’t exist.
  • A Secret referenced via secretKeyRef in an environment variable doesn’t exist.
  • The ConfigMap or Secret exists but in a different namespace.
  • The ConfigMap or Secret was deleted after the pod was deployed.
  • A volume references a ConfigMap or Secret that doesn’t exist.
  • The key name inside the ConfigMap or Secret is misspelled.
  • The ConfigMap or Secret is empty or has the wrong data format.

How to Fix It

Step 1: Describe the pod for details 

kubectl describe pod <pod-name>

The event message will specify exactly which ConfigMap or Secret is missing:

Events:
  Type     Reason     Age   From               Message
  ----     ------     ----  ----               -------
  Warning  Failed     10s   kubelet            Error: configmap "app-config" not found

Step 2: Check if the ConfigMap exists 

kubectl get configmap <configmap-name>
kubectl get configmap <configmap-name> -o yaml

If it doesn’t exist, create it:

kubectl create configmap app-config --from-literal=key=value --from-file=config.properties

Or apply a ConfigMap YAML:

apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  DATABASE_URL: "postgres://localhost:5432/mydb"
  LOG_LEVEL: "debug"

Step 3: Check if the Secret exists 

kubectl get secret <secret-name>
kubectl get secret <secret-name> -o yaml

If it doesn’t exist, create it:

kubectl create secret generic db-secret --from-literal=password=s3cret

Step 4: Verify namespace

ConfigMaps and Secrets are namespace-scoped. If the pod is in namespace-a but the ConfigMap is in namespace-b:

kubectl get configmap -n namespace-b
kubectl get configmap -A | grep <configmap-name>

Move the ConfigMap or pod to the same namespace.

Step 5: Check environment variable references

Inspect your pod spec for incorrect references:

env:
- name: DB_PASSWORD
  valueFrom:
    secretKeyRef:
      name: db-secret      # Must exist in the same namespace
      key: password         # Must be a key inside the Secret

Verify the key exists inside the Secret:

kubectl get secret db-secret -o jsonpath='{.data}'
What's the difference between configMapKeyRef and secretKeyRef?
Both inject values as environment variables. configMapKeyRef pulls from a ConfigMap (non-sensitive data like config files). secretKeyRef pulls from a Secret (sensitive data like passwords). The error and resolution are identical — the referenced resource must exist in the same namespace.
Can a missing ConfigMap key cause this error even if the ConfigMap exists?
Yes. If the ConfigMap exists but doesn’t contain the specific key referenced in configMapKeyRef.key, Kubernetes will fail with CreateContainerConfigError. For example, if you reference configMapKeyRef.name: app-config and configMapKeyRef.key: DATABASE_URL, but app-config has no DATABASE_URL key, the error occurs.
How do I make ConfigMaps and Secrets available across namespaces?
Kubernetes does not support cross-namespace ConfigMap or Secret references directly. You must copy the resource to each namespace: kubectl get configmap <name> -n <source> -o yaml --export | kubectl apply -n <target> -f -. Alternatively, use a tool like Kyverno or a controller to sync resources across namespaces.
Previous Cyclic reference involving ... Next Error: Cycle in dependency graph

Built by the developers of DodaTech

Doda Browser, DodaZIP & Durga Antivirus Pro

Home Browse Fix These Errors