Skip to main content

AKS CrashLoopBackOff, Pending Pods, and NotReady Nodes — The Real Fixes Engineers Use

Incident PlaybookAKSKuberneteskubectl2026

AKS CrashLoopBackOff, Pending Pods, and
NotReady Nodes — The Real Fixes Engineers Use

Every AKS engineer eventually faces the same nightmare: CrashLoopBackOff at 2am, pods stuck Pending for no clear reason, or nodes flipping to NotReady mid-deployment. The difference between panic and control is knowing the exact diagnostic sequence — and the real fixes that work in production. This guide gives you both.

3 commands
get pods, describe pod, and logs diagnose roughly 90% of AKS incidents before you touch anything else
Exit 137
The code that means OOMKilled — the container hit its memory limit and was killed by the kernel (128 + SIGKILL 9)
Events
The bottom of kubectl describe is where the real cause lives — Pending, FailedScheduling, and image errors all surface there
CoreDNS
The single component behind most "intermittent" production failures — service discovery breaks quietly and looks like an app bug

The engineers who stay calm during an AKS incident are not smarter than everyone else — they just run the same diagnostic sequence every time, in the same order, and let the cluster tell them what is wrong. Kubernetes is remarkably honest about its own failures: almost every problem announces itself in a pod's status, its events, or its logs. The skill is knowing where to look and what each signal means. This guide walks the failures you will actually hit in production — CrashLoopBackOff, Pending, NotReady, DNS, OOM, and ImagePullBackOff — and gives the exact commands and fixes for each.

Figure 1 — The diagnostic funnel: three commands that surface the cause of most AKS incidents
1 · WHAT is wrong?kubectl get pods -o wideStatus, restarts, node, IP2 · WHY is it wrong?kubectl describe podEvents, reasons, exit codes3 · What does the app say?kubectl logs --previousCrash output before restartROOT CAUSE IDENTIFIEDConfig error · resource limit · image · scheduling · dependencyRun them in order. get narrows the target, describe reveals the reason in its Events, logs shows the app's own dying words.
This is the sequence experienced engineers run on autopilot. get pods tells you which pod and what state; describe pod's Events section names the reason; logs (with --previous for a crashed container) shows what the application printed before it died. Most incidents are solved before you reach for anything more advanced.
01The 3 Commands That Diagnose 90% of AKS IssuesDiagnosis

Before learning any specific fix, internalise the diagnostic sequence. Nearly every AKS incident is solved by three commands run in order. Skipping ahead — guessing at the fix before reading the events — is what turns a ten-minute incident into an hour.

1. kubectl get pods — find the target

Start wide. This shows you which pods are unhealthy, their exact status (CrashLoopBackOff, Pending, ImagePullBackOff, OOMKilled), how many times they have restarted, and — with -o wide — which node they landed on. The restart count and status column alone often tell you which failure class you are dealing with.

2. kubectl describe pod — read the events

This is the most important command in Kubernetes troubleshooting, and the Events section at the bottom is where the real cause lives. FailedScheduling, Failed to pull image, Back-off restarting failed container, Liveness probe failed, OOMKilled — they all surface here in plain language, usually with the exact reason attached.

3. kubectl logs — hear the app's last words

When a container is crashing, its own logs tell you why — a missing environment variable, a failed database connection, an unhandled exception on startup. The critical flag is --previous (or -p): for a container that already crashed and restarted, this shows the logs from the failed instance, not the fresh one that is about to fail again.

The core diagnostic sequence — run in this order# 1. WHAT — find unhealthy pods, status, restarts, and node placement kubectl get pods -o wide kubectl get pods -A -o wide # across all namespaces # 2. WHY — read the Events section at the bottom of the output kubectl describe pod <pod-name> -n <namespace> # 3. APP — what the application printed before dying kubectl logs <pod-name> -n <namespace> kubectl logs <pod-name> -n <namespace> --previous # the CRASHED instance # Bonus — cluster-wide events, newest last, for the big picture kubectl get events -A --sort-by=.lastTimestamp
The --previous flag is the one people forget

For a pod in CrashLoopBackOff, plain kubectl logs shows the container that just started and hasn't crashed yet — often empty or misleading. kubectl logs --previous shows the instance that actually failed. This one flag is the difference between seeing the real error and staring at a blank log.

02CrashLoopBackOff — Root Causes and FixesMost Common

CrashLoopBackOff is not an error in itself — it is Kubernetes telling you that a container keeps starting, crashing, and being restarted, and that the restarts are now spaced out with an exponential back-off (10s, 20s, 40s, up to 5 minutes). The status is a symptom. The cause is always why the container exits, and that is found in the logs and the container's exit code.

Exit CodeMeaningTypical Cause
0Clean exit — but container wasn't meant to stopWrong entrypoint / command; the main process finished and exited instead of staying up
1General application errorUnhandled exception on startup, bad config, missing env var or file
126 / 127Command not runnable / not foundBad command in the manifest, missing binary in the image, wrong path
137SIGKILL (128 + 9) — OOMKilled or forced killContainer exceeded its memory limit, or a failed liveness probe forced a kill
143SIGTERM (128 + 15) — graceful terminationProbe failure or eviction asked the container to stop; often a slow-starting app
Figure 2 — The CrashLoopBackOff cycle: where the loop forms and how to break it
ContainerCreatingimage + mountsRunningprocess startsCRASH / EXITnon-zero codeBack-off wait10s→20s→...→5mexponentialCrashLoopBackOff — the restart loopBREAK THE LOOPlogs --previous →fix root cause
The pod cycles Running → crash → back-off → Running indefinitely. Kubernetes will never fix this for you — it just keeps restarting with longer waits. Breaking the loop always means finding why the container exits (logs --previous plus the exit code) and fixing the underlying config, dependency, resource limit, or probe.

The most common real causes, in order of frequency:

  • Application config error — a missing environment variable, an unreachable database, a bad connection string. The app throws on startup and exits 1. Fix: read logs --previous, correct the config/secret, redeploy.
  • Failing liveness probe — the app is fine but slow to start, and an aggressive liveness probe kills it before it is ready. Fix: raise initialDelaySeconds / failureThreshold, or use a startupProbe for slow starters.
  • OOMKilled (exit 137) — the container exceeds its memory limit and is killed. Fix: raise the memory limit or fix the leak (see Section 6).
  • Wrong command / entrypoint (exit 0 or 127) — the container runs the wrong thing and exits immediately. Fix: correct command/args in the manifest.
  • Missing dependency at boot — the app needs a service, volume, or secret that isn't ready. Fix: add an init container or readiness gate so it waits.
Diagnose and fix a CrashLoopBackOff# See the crash output from the FAILED instance (the key command) kubectl logs <pod> -n <ns> --previous # Find the exit code and reason in the container's last state kubectl describe pod <pod> -n <ns> | grep -A5 "Last State" # If it's a slow-start app killed by liveness, add a startupProbe: # startupProbe: { httpGet: {path: /healthz, port: 8080}, # failureThreshold: 30, periodSeconds: 10 } # allows up to 5 min to start # Roll out the corrected manifest and watch it recover kubectl apply -f deployment.yaml kubectl rollout status deployment/<name> -n <ns>

Popular posts from this blog

The Cloud Incumbent: AWS Bedrock Hosts Every Frontier Model and Amazon Is Betting on Neutrality AWS at $37.6 billion quarterly revenue, growing 28%. $13 billion invested in Anthropic. A $100 billion Anthropic-to-AWS commitment. Trainium with $225 billion in customer revenue commitments. The most quietly powerful AI strategy in the race. By Francis Avorgbedor | Azure Engineer  ·  July 4, 2026  ·  14 min read  ·  Amazon · AWS · Cloud AI 74 SEVENAI Momentum Score — Rank #5 $37.6B AWS Q1 2026 revenue — 28% YoY growth ▲ Fastest in 15 quarters $13B Total Amazon investment in Anthropic to date ▲ Strategic anchor 100K+ Customers running Claude on AWS Bedrock ▲ Distribution moat Amazon's AI strategy is built on a thesis that every other Magnificent Seven company is testing against — and that Amazon is uniquely positioned to win regardless of the outcome. The thesis is neutrality. In a race where Microsoft has bet on OpenAI, Google has bet on Gemini, and Meta has bet...
Performance Fix Foundry Local 1.2 Linux ARM64 Embeddings Offline ASR The Edge Latency Drop: Fixing Latency Spikes by Offloading Embeddings to Foundry Local 1.2 You are paying a full cloud round trip — network, TLS, queue, throttle risk — to turn a twelve-word search query into a vector. That is the most expensive way possible to do one of the cheapest computations in your stack. Foundry Local 1.2 now runs on Linux ARM64, which means embeddings and speech recognition can happen on a Raspberry Pi, a Jetson, or a Graviton instance — offline, unmetered, and in single-digit milliseconds. The failure signature this guide resolves # Application Insights — the embedding call, not the LLM, is your tail latency: name p50 p95 p99 calls/day POST /embeddings (cloud) 89 ms 412 ms 3,847 ms 1,240,000 POST /chat/completions (cloud) 940 ms 1,720 ms 2,910 ms 38,000 ^^^^^^^^ ...

How to Reset an Azure Virtual Machine to Factory Settings Using a Managed Disk

How to Reset an Azure Virtual Machine to Factory Settings Using a Managed Disk Azure does not have a single "factory reset" button. What it does have is something better: the OS Disk Swap — a method that swaps out the corrupted or misconfigured OS disk for a clean Windows Server managed disk without deleting the VM, its NICs, its IP addresses, or any attached data disks. Here is how it works, when to use it, and the exact steps to execute it safely. FA Francis Avorgbedor Azure Engineer July 16, 2026 15 min read Azure VMs · Windows Server · Real-World Fix 3 Methods to achieve a clean Windows Server installation on an existing Azure VM ~15min Typical OS Disk Swap duration — VM retains its NICs, IPs, and data disks throughout 0 Data disks affected by an OS Disk Swap — data disks remain attached and untouched 1 Snapshot of the original OS disk you must take before starting — no exceptions Introduction Why Azure Does Not Have a Simple Factory Reset — and What to Do Instead On a ph...

Can I Update My Old Computer to Windows 11 — and How Much Will It Cost?

Can I Update My Old Computer to Windows 11 — and How Much Will It Cost? Your i7, 16GB RAM, 512GB SSD machine is powerful enough to run Windows 11 comfortably. The TPM 2.0 and Secure Boot wall is a security checkbox, not a performance ceiling. Here are two proven ways to get past it, what each one costs, and what you are trading away by doing so. $0 Cost of the Windows 11 licence if your existing Windows 10 is genuine — the upgrade remains free in 2026 2 Proven methods to bypass TPM 2.0 and Secure Boot — Rufus (easy) and Registry edit (manual) 25H2 Current Windows 11 version — all known bypass methods tested and confirmed working as of July 2026 Oct 2025 Windows 10 end of life — no more security updates. Staying on Windows 10 now carries real risk. First — Check Your BIOS Before Anything Else You Might Not Actually Need a Bypass Before running any bypass, open your BIOS and look at two settings. Many computers that fail the Windows 11 compatibility check have TPM 2.0 present in the hard...

Top 100 Best AI Tools for Software Engineers and DevOps Professionals in 2026

2026 Edition 100 Tools Software Engineering DevOps AIOps Top 100 Best AI Tools for Software Engineers and DevOps Professionals in 2026 85% of developers now regularly use AI tools. Fully AI-generated code accounts for nearly 28% of all pull requests. The question is no longer whether to use AI tools — it is which ones, in which combination, for which part of the lifecycle. This guide cuts through the noise: 100 tools, 10 categories, honest pricing, real use cases, and a selection framework for building your stack without redundancy. 85% Percentage of developers who now regularly use AI tools, per JetBrains' 2025 State of Developer Ecosystem report — up from near zero three years ago 28% Share of all pull requests containing primarily AI-generated code in 2026 — the metric that signals AI coding assistants have moved from experiment to workflow $50B Cursor's reported valuation in April 2026 Series D talks — the number that signals investor confidence in the AI developer tools ma...

Azure Files vs Azure NetApp Files: Which One Should You Choose?

Azure Files vs Azure NetApp Files: Which One Should You Choose? Performance tiers, protocol support, dual-protocol capability, pricing models, SAP/Oracle/HPC suitability, data management features, and the decision framework that maps each workload type to the right service — with step-by-step setup procedures for both. FA Francis Avorgbedor Azure Engineer July 15, 2026 20 min read Azure Storage · Architecture 4 Azure Files tiers: Premium SSD, Standard Hot, Cool, Tx Optimized 3 ANF performance tiers: Standard, Premium, Ultra — all SSD-backed 4TiB ANF minimum provisioning — significant cost floor for small workloads Dual ANF serves the same data via SMB and NFS simultaneously — AF cannot Introduction Two Services, One Surface Area — Completely Different Purposes Microsoft offers two fully managed, enterprise-grade file storage services in Azure. They share a surface area — both serve file shares over standard protocols, both run on managed infrastructure, and both integrate with Microsof...
Troubleshooting Guide AKS Kubernetes Real Solutions kubectl Azure Kubernetes Service (AKS) Troubleshooting Guide: Real Solutions to Common Problems CrashLoopBackOff at 2am. Pods stuck Pending with no obvious cause. Nodes going NotReady mid-deployment. DNS resolution silently failing in production. Every AKS engineer encounters these — the difference between engineers who panic and engineers who stay calm is knowing the exact sequence of diagnostic commands to run. This guide gives you that sequence, the root cause analysis for each failure mode, and the fix. 3 commands 90% of AKS problems are diagnosed with the same three kubectl commands: describe pod, logs --previous, and get events — in that order, every time Exit 137 The exit code that tells you everything: container killed by SIGKILL — either the Linux OOM killer (memory limit exceeded) or kubelet after grace period expired 5 min The CrashLoopBackOff ceiling: Kubernetes applies exponential backoff (10s → 20s → 40s → 80s → 160s → 3...

How to Deploy an AI Chatbot on Azure Using Azure OpenAI and App Service

Step-by-Step Guide Azure OpenAI App Service Production Python How to Deploy an AI Chatbot on Azure Using Azure OpenAI and App Service From zero to a production-grade AI chatbot: provision Azure OpenAI, write a streaming Flask API backend, deploy it on Azure App Service with Managed Identity, wire in conversation history and content safety, and instrument it with Application Insights — all with complete code and Terraform IaC. No API keys in environment variables. No hardcoded secrets. No half-finished PoC patterns. 7 phases This guide covers the full deployment lifecycle: architecture design → resource provisioning → backend code → App Service deployment → streaming → security → monitoring Zero keys The chatbot authenticates to Azure OpenAI using Managed Identity and DefaultAzureCredential — no API keys stored in environment variables, Key Vault, or code SSE Server-Sent Events stream GPT tokens to the browser as they generate — the same token-by-token typing effect users expect from pr...
Creating user profiles for Entra-joined Azure Virtual Desktops (AVD) primarily involves configuring FSLogix Profile Containers . This ensures that user profiles are portable and persistent across sessions, even though the session hosts are Entra-joined. Here's a step-by-step guide: Step 1: Prepare Your Storage for FSLogix Profiles You'll need a file share that can be accessed by your AVD session hosts and where user profile disks will be stored. Azure Files is a common and recommended solution for this. Create an Azure Storage Account : Go to the Azure portal, search for "Storage accounts," and click "Create." Choose your subscription and resource group. Give it a unique name (e.g., avdprofilesstorage). Select a region. For performance, consider "Premium" with "File shares" as the account kind, or "Standard" with "ZRS" or "GRS"...