# 错误：部署回滚状态卡住：等待部署规范更新被观察...

- **ID:** `kubernetes/deployment-rollout-stuck-image-pull-back-off`
- **领域:** kubernetes
- **类别:** runtime_error
- **验证级别:** ai_generated
- **修复率:** 75%

## 根因

部署的镜像拉取回退阻止新 Pod 启动，因此回滚无法完成。

## 版本兼容性

| 版本 | 状态 | 引入 | 弃用 |
|------|------|------|------|
| kubectl v1.28 | active | — | — |
| kubectl v1.29 | active | — | — |
| kubectl v1.30 | active | — | — |

## 解决方案

1. ```
   Check image pull error: `kubectl describe pod <pod-name> | grep -A5 'Back-off'` to see exact reason (e.g., 'ImagePullBackOff'). Then fix image tag or registry credentials.
   ```
2. ```
   Update deployment with correct image: `kubectl set image deployment/<name> <container>=<correct-image>:<tag>` and watch rollout.
   ```
3. ```
   If private registry, create image pull secret: `kubectl create secret docker-registry regcred --docker-server=<registry> --docker-username=<user> --docker-password=<pass> --docker-email=<email>` then patch service account.
   ```

## 无效尝试

- **Force rollout restart with `kubectl rollout restart deployment`** — Restart does not fix the underlying image pull issue; new pods will still fail. (90% 失败率)
- **Delete and recreate the deployment** — Recreating deployment uses same image spec; problem persists unless image is fixed. (85% 失败率)
- **Wait longer (timeout >10 minutes)** — Back-off is exponential; waiting alone won't resolve if image doesn't exist or auth fails. (80% 失败率)