Questions to Determine

• Does the pod spec reference an imagePullSecrets entry?
• Does the referenced secret exist in the same namespace as the pod?
• Is the secret's .dockerconfigjson data valid and current?
• Were the registry credentials recently rotated?
• Was the Kubernetes secret updated after the credential rotation?
• Is the secret of type kubernetes.io/dockerconfigjson?
• Does the service account used by the pod have the imagePullSecrets attached?
• Can the registry be reached from the node (network/firewall)?
• Is the image tag correct and does it exist in the registry?