rio/debugging-k8s-pods
dot_config/opencode/skills/debugging-k8s-pods/SKILL.md
Debugs Kubernetes pod failures including CrashLoopBackOff, OOMKilled, ImagePullBackOff, init container failures, and CreateContainerConfigError. Use when pods crash, restart repeatedly, fail to start, or show container errors.
$ install --global
skillsauthnpx skillsauth add rio/dotfiles debugging-k8s-podsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 19, 2026, 3:05 AM13.6s1 file scanned
SKILL.md
- name:
- debugging-k8s-pods
- description:
- Debugs Kubernetes pod failures including CrashLoopBackOff, OOMKilled, ImagePullBackOff, init container failures, and CreateContainerConfigError. Use when pods crash, restart repeatedly, fail to start, or show container errors.
- allowed-tools:
- Bash
Debugging Kubernetes Pods
Investigates pod lifecycle issues and container failures.
Pod Failure Patterns
| Status | Likely Cause | First Check |
|--------|-------------|-------------|
| CrashLoopBackOff | App crash or misconfiguration | Logs + exit code |
| ImagePullBackOff | Wrong image, missing tag, auth failure | Image name + pull secret |
| OOMKilled | Memory limit exceeded | Resource limits vs actual usage |
| CreateContainerConfigError | Missing ConfigMap/Secret | Referenced configs exist |
| Init:Error | Init container failed | Init container logs |
| Pending | Scheduling issue | Load debugging-k8s-scheduling |
Investigation Workflow
Step 1: Get Pod Status
kubectl get pod <pod> -n <ns> -o wide
kubectl describe pod <pod> -n <ns>
Look for:
- Status and Reason fields
- Last State for exit codes
- Events section at bottom
Step 2: Check Container Logs
# Current container logs
kubectl logs <pod> -n <ns>
# Previous crashed container logs
kubectl logs <pod> -n <ns> --previous
# Specific container in multi-container pod
kubectl logs <pod> -n <ns> -c <container>
# Init container logs
kubectl logs <pod> -n <ns> -c <init-container-name>
Step 3: Exit Code Analysis
| Exit Code | Meaning | |-----------|---------| | 0 | Success (check why it exited) | | 1 | Application error | | 137 | SIGKILL (OOMKilled or external kill) | | 139 | SIGSEGV (segmentation fault) | | 143 | SIGTERM (graceful shutdown requested) |
Get exit code:
kubectl get pod <pod> -n <ns> -o jsonpath='{.status.containerStatuses[0].lastState.terminated.exitCode}'
Specific Issues
CrashLoopBackOff
# Check logs from crashed container
kubectl logs <pod> -n <ns> --previous
# Check restart count and last state
kubectl get pod <pod> -n <ns> -o jsonpath='{.status.containerStatuses[0].restartCount}'
Common causes:
- Application startup failure
- Missing environment variables
- Missing dependencies (files, services)
- Liveness probe failing too quickly
ImagePullBackOff
# Check image name in events
kubectl describe pod <pod> -n <ns> | grep -A5 "Events:"
# Check if pull secret exists
kubectl get secrets -n <ns>
Common causes:
- Typo in image name or tag
- Private registry without imagePullSecret
- Tag doesn't exist (e.g.,
latestremoved)
OOMKilled
# Check memory limits
kubectl get pod <pod> -n <ns> -o jsonpath='{.spec.containers[*].resources}'
# Check if OOMKilled
kubectl get pod <pod> -n <ns> -o jsonpath='{.status.containerStatuses[0].lastState.terminated.reason}'
If OOMKilled: either increase memory limits or investigate memory leak.
CreateContainerConfigError
# Check what ConfigMap/Secret is referenced
kubectl get pod <pod> -n <ns> -o yaml | grep -A10 "env:\|envFrom:\|volumes:"
# Verify ConfigMap exists
kubectl get configmap -n <ns>
# Verify Secret exists
kubectl get secrets -n <ns>
Init Container Failures
# List init containers
kubectl get pod <pod> -n <ns> -o jsonpath='{.spec.initContainers[*].name}'
# Check init container logs
kubectl logs <pod> -n <ns> -c <init-container-name>
Quick Debug Commands
# Full pod YAML for deep inspection
kubectl get pod <pod> -n <ns> -o yaml
# Events for this pod only
kubectl get events -n <ns> --field-selector involvedObject.name=<pod>
# Check all containers status
kubectl get pod <pod> -n <ns> -o jsonpath='{range .status.containerStatuses[*]}{.name}: {.state}{"\n"}{end}'
Notes
- Load
retrieving-k8s-logsfor advanced log patterns - Load
debugging-k8s-resourcesif OOMKilled due to limits - Load
debugging-k8s-schedulingif stuck in Pending
Related Skills
rio/handoff
documentation
VerifiedTrustedCommunity
Compact the current conversation into a handoff document for another agent to pick up.
40SKILL.mdUpdated May 22, 2026
rio/write-a-skill
development
VerifiedTrustedCommunity
Create new agent skills with proper structure, progressive disclosure, and bundled resources. Use when user wants to create, write, or build a new skill.
40SKILL.mdUpdated May 17, 2026
rio/grill-me
testing
VerifiedTrustedCommunity
Interview the user relentlessly about a plan or design until reaching shared understanding, resolving each branch of the decision tree. Use when user wants to stress-test a plan, get grilled on their design, or mentions "grill me".
40SKILL.mdUpdated May 17, 2026
rio/retrieving-k8s-logs
development
VerifiedTrustedCommunity
Retrieves Kubernetes container logs with various patterns including multi-container pods, previous container logs, init containers, and label-based aggregation. Use when checking application logs, debugging crashes, or analyzing container output.
39SKILL.mdUpdated Apr 19, 2026