Container creation fails because of "Failed create pod sandbox"

[Ocimum-basilicum]

Pods are not getting created anymore

Version

oc v3.6.173.0.7
kubernetes v1.6.1+5115d708d7
features: Basic-Auth

Server https://api.starter-ca-central-1.openshift.com:443
openshift v3.7.0-0.143.7
kubernetes v1.7.0+80709908fd

Steps To Reproduce

1. create a application (e.g. resid (persistent) from catalog)
2. check pod/container creation
3. wait for timeouts

Current Result

Warn messages on pod:
1:33:46 PM | Normal | Sandbox changed | Pod sandbox changed, it will be killed and re-created. 2 times in the last 5 minutes -- | -- | -- | -- 1:33:42 PM | Warning | Failed create pod sand box | Failed create pod sandbox. 2 times in the last 5 minutes
--> pod is not created

the only real error I could grab was :
Failed kill pod | error killing pod: failed to "KillPodSandbox" for "c4c2ec61-ba29-11e7-8b2c-02d8407159d1" with KillPodSandboxError: "rpc error: code = 2 desc = NetworkPlugin cni failed to teardown pod \"redis-1-deploy_instantsoundbot\" network: CNI request failed with status 400: 'Failed to execute iptables-restore: exit status 4 (Another app is currently holding the xtables lock. Perhaps you want to use the -w option?\n)\n'"

Expected Result

pod should start up as the used to do...

Additional Information

Couldn't get oc adm diagnostics working atm
I guess it could have to do with the introduction of #15880

[tumido]

I'm facing the same in the starter-us-east-1.openshift.com environment. It's been unstable for couple of days already...

[pweil-]

/cc @jupierce

[sjenning]

This is a known issue that has a fix and it being rolled out to the starter clusters presently.

[skjolber]

I think 'm facing the same issue at starter-ca-central-1.openshift.com:

10:04:10 AM	Normal	Deadline exceeded	Pod was active on the node longer than the specified deadline
10:00:03 AM	Normal	Sandbox changed	Pod sandbox changed, it will be killed and re-created.14 times in the last 58 minutes
--	--	--	--
9:59:40 AM	Warning	Failed create pod sand box	Failed create pod sandbox.14 times in the last 58 minutes

When will the fix finish rolling out?

[14yannick]

Facing same issue not possible to rollout anything on starter-ca-central-1.openshift.com. Hope will be fixed soon.

[osamahassan245]

i got same issue , i tried to create application using tomcat 8 , and try to build source code that exist in this path
https://github.com/osamahassan245/samplepp

i got build error , when tried to check the log , got this log

container "sti-build" in pod is not available

[Artod]

Same problem on starter-ca-central-1.openshift.com

error streaming logs from build pod: sii-test/app-5-build container: , container "sti-build" in pod "app-5-build" is not available

[osamahassan245]

issue solved , i tried to use " Red Hat JBoss Web Server 3.1 Tomcat 8 1.0 " , it's working fine now