diff --git a/runtime/kubernetes/build.go b/runtime/kubernetes/build.go
index ad94681f..78e436cf 100644
--- a/runtime/kubernetes/build.go
+++ b/runtime/kubernetes/build.go
@@ -219,7 +219,7 @@ func (c *client) AssembleBuild(ctx context.Context, b *pipeline.Build) error {
 	close(c.PodTracker.Ready)
 
 	// wait for the PodTracker caches to populate before creating the pipeline pod.
-	if ok := cache.WaitForCacheSync(ctx.Done(), c.PodTracker.PodSynced); !ok {
+	if ok := cache.WaitForCacheSync(ctx.Done(), c.PodTracker.PodSynced, c.PodTracker.EventSynced); !ok {
 		return fmt.Errorf("failed to wait for caches to sync")
 	}
 
diff --git a/runtime/kubernetes/build_test.go b/runtime/kubernetes/build_test.go
index 50f304ea..ef9b6664 100644
--- a/runtime/kubernetes/build_test.go
+++ b/runtime/kubernetes/build_test.go
@@ -455,9 +455,10 @@ func TestKubernetes_StreamBuild(t *testing.T) {
 func TestKubernetes_AssembleBuild(t *testing.T) {
 	// setup tests
 	tests := []struct {
-		name     string
-		failure  bool
-		pipeline *pipeline.Build
+		name        string
+		failure     bool
+		cancelBuild bool
+		pipeline    *pipeline.Build
 		// k8sPod is the pod that the mock Kubernetes client will return
 		k8sPod *v1.Pod
 		// enginePod is the pod under construction in the Runtime Engine
@@ -491,6 +492,22 @@ func TestKubernetes_AssembleBuild(t *testing.T) {
 			k8sPod:    _pod,
 			enginePod: _pod,
 		},
+		{
+			name:        "stages-build canceled",
+			failure:     true,
+			cancelBuild: true,
+			pipeline:    _stages,
+			k8sPod:      &v1.Pod{},
+			enginePod:   _stagesPod,
+		},
+		{
+			name:        "steps-build canceled",
+			failure:     true,
+			cancelBuild: true,
+			pipeline:    _steps,
+			k8sPod:      &v1.Pod{},
+			enginePod:   _pod,
+		},
 	}
 
 	// run tests
@@ -508,16 +525,25 @@ func TestKubernetes_AssembleBuild(t *testing.T) {
 				_engine.containersLookup[ctn.Name] = i
 			}
 
+			// setup test context
+			ctx, done := context.WithCancel(context.Background())
+			defer done()
+
 			// StreamBuild and AssembleBuild coordinate their work, so, emulate
 			// executor.StreamBuild which calls runtime.StreamBuild concurrently.
 			go func() {
-				err := _engine.StreamBuild(context.Background(), test.pipeline)
-				if err != nil {
-					t.Errorf("unable to start PodTracker via StreamBuild")
+				if test.cancelBuild {
+					// simulate a build timeout
+					done()
+				} else {
+					err := _engine.StreamBuild(context.Background(), test.pipeline)
+					if err != nil {
+						t.Errorf("unable to start PodTracker via StreamBuild")
+					}
 				}
 			}()
 
-			err = _engine.AssembleBuild(context.Background(), test.pipeline)
+			err = _engine.AssembleBuild(ctx, test.pipeline)
 
 			if test.failure {
 				if err == nil {
diff --git a/runtime/kubernetes/container.go b/runtime/kubernetes/container.go
index 28e0932d..20948389 100644
--- a/runtime/kubernetes/container.go
+++ b/runtime/kubernetes/container.go
@@ -23,6 +23,38 @@ import (
 	"k8s.io/apimachinery/pkg/util/wait"
 )
 
+// These are known kubernetes event Reasons.
+const (
+	// nolint: godot // commented code is not a sentence
+	// known scheduler event reasons can be found here:
+	// https://github.com/kubernetes/kubernetes/blob/v1.23.6/pkg/scheduler/schedule_one.go
+	//reasonFailedScheduling = "FailedScheduling"
+	//reasonScheduled        = "Scheduled"
+
+	// known kubelet event reasons are listed here:
+	// https://github.com/kubernetes/kubernetes/blob/v1.23.6/pkg/kubelet/events/event.go
+
+	// kubelet image event reasons.
+	reasonPulling           = "Pulling"
+	reasonPulled            = "Pulled"
+	reasonFailed            = "Failed"            // Warning: image, container, pod
+	reasonInspectFailed     = "InspectFailed"     // Warning
+	reasonErrImageNeverPull = "ErrImageNeverPull" // Warning
+	reasonBackOff           = "BackOff"           // Normal: image, container
+
+	// nolint: godot // commented code is not a sentence
+	// kubelet container event reasons.
+	//reasonCreated             = "Created"
+	//reasonStarted             = "Started"
+	//reasonKilling             = "Killing"
+	//reasonPreempting          = "Preempting"
+	//reasonExceededGracePeriod = "ExceededGracePeriod"
+	// kubelet pod event reasons.
+	//reasonFailedKillPod            = "FailedKillPod"
+	//reasonFailedCreatePodContainer = "FailedCreatePodContainer"
+	//reasonNetworkNotReady          = "NetworkNotReady"
+)
+
 // InspectContainer inspects the pipeline container.
 func (c *client) InspectContainer(ctx context.Context, ctn *pipeline.Container) error {
 	c.Logger.Tracef("inspecting container %s", ctn.ID)
@@ -81,6 +113,12 @@ func (c *client) RunContainer(ctx context.Context, ctn *pipeline.Container, b *p
 		return err
 	}
 
+	// get the containerTracker for this container
+	ctnTracker, ok := c.PodTracker.Containers[ctn.ID]
+	if !ok {
+		return fmt.Errorf("containerTracker missing for %s", ctn.ID)
+	}
+
 	// set the pod container image to the parsed step image
 	c.Pod.Spec.Containers[c.containersLookup[ctn.ID]].Image = _image
 
@@ -98,7 +136,25 @@ func (c *client) RunContainer(ctx context.Context, ctn *pipeline.Container, b *p
 		return err
 	}
 
-	return nil
+	// make sure the container starts (watch for image pull errors or similar)
+	for {
+		select {
+		case <-ctx.Done():
+			// build was canceled. give up
+			return nil
+		case <-ctnTracker.Running:
+			// hooray it is running
+			return nil
+		case event := <-ctnTracker.ImagePullErrors:
+			return fmt.Errorf(
+				"failed to run container %s in %s: [%s] %s",
+				ctn.ID,
+				c.Pod.ObjectMeta.Name,
+				event.Reason,
+				event.Message,
+			)
+		}
+	}
 }
 
 // SetupContainer prepares the image for the pipeline container.
@@ -322,7 +378,14 @@ func (c *client) WaitContainer(ctx context.Context, ctn *pipeline.Container) err
 	}
 
 	// wait for the container terminated signal
-	<-tracker.Terminated
+	select {
+	case <-tracker.Terminated:
+		// container is terminated
+		break
+	case <-ctx.Done():
+		// build was canceled
+		break
+	}
 
 	return nil
 }
@@ -354,6 +417,12 @@ func (p *podTracker) inspectContainerStatuses(pod *v1.Pod) {
 		// cst.LastTerminationState has details about the kubernetes/pause image's exit.
 		// cst.RestartCount is 1 at exit due to switch from kubernetes/pause to final image.
 
+		if cst.Image != tracker.Image {
+			// we don't care if the pause image has terminated or is running
+			p.Logger.Tracef("container %s expected image %s, got %s", cst.Name, tracker.Image, cst.Image)
+			continue
+		}
+
 		// check if the container is in a terminated state
 		//
 		// https://pkg.go.dev/k8s.io/api/core/v1?tab=doc#ContainerState
@@ -364,6 +433,106 @@ func (p *podTracker) inspectContainerStatuses(pod *v1.Pod) {
 				// let WaitContainer know the container is terminated
 				close(tracker.Terminated)
 			})
+		} else if cst.State.Running != nil {
+			tracker.runningOnce.Do(func() {
+				p.Logger.Debugf("container running: %s in pod %s, %v", cst.Name, p.TrackedPod, cst)
+
+				// let RunContainer know the container is running
+				close(tracker.Running)
+			})
+		} else if cst.State.Waiting != nil &&
+			(cst.State.Waiting.Reason == reasonBackOff || cst.State.Waiting.Reason == reasonFailed) &&
+			strings.Contains(cst.State.Waiting.Message, tracker.Image) {
+			// inspectContainerStatuses should return as quickly as possible
+			// writing to the channel can block when nothing is receiving,
+			// so fire it off in a goroutine.
+			go func() {
+				// imitate an event to make sure we catch it.
+				tracker.ImagePullErrors <- &v1.Event{
+					ObjectMeta: metav1.ObjectMeta{
+						Namespace: p.Namespace,
+					},
+					InvolvedObject: v1.ObjectReference{
+						Kind:      "Pod",
+						Name:      p.Name,
+						Namespace: p.Namespace,
+						FieldPath: fmt.Sprintf("spec.containers{%s}", tracker.Name),
+					},
+					Reason:  cst.State.Waiting.Reason,
+					Message: cst.State.Waiting.Message,
+				}
+			}()
+		}
+	}
+}
+
+// inspectContainerEvent gathers container info from an event.
+func (p *podTracker) inspectContainerEvent(event *v1.Event) {
+	if !strings.HasPrefix(event.InvolvedObject.FieldPath, "spec.containers") {
+		// event is not for a container
+		return
+	}
+
+	// the FieldPath format is "spec.containers{container-name}" for named containers
+	containerName := strings.TrimPrefix(event.InvolvedObject.FieldPath, "spec.containers{")
+	containerName = strings.TrimSuffix(containerName, "}")
+
+	if containerName == event.InvolvedObject.FieldPath {
+		// the FieldPath is probably the indexed "spec.containers[2]" format,
+		// which is only used for unnamed containers,
+		// but all of our containers are named.
+		p.Logger.Debugf("ignoring unnamed container, got pod fieldPath %s", event.InvolvedObject.FieldPath)
+
+		return
+	}
+
+	// get the containerTracker for this container
+	tracker, ok := p.Containers[containerName]
+	if !ok {
+		// unknown container (probably a sidecar injected by an admissions controller)
+		p.Logger.Debugf("ignoring untracked container %s from pod %s", containerName, p.TrackedPod)
+
+		return
+	}
+
+	p.Logger.Tracef("container event for %s: [%s] %s", tracker.Name, event.Reason, event.Message)
+
+	// check if the event mentions the target image.
+	// If the relevant messages does not include our image, then
+	// either it is for "kubernetes/pause:latest", which we don't care about,
+	// or it is a generic message that is basically useless like:
+	//   event.Reason => event.Message
+	//   Failed => Error: ErrImagePull
+	//   BackOff => Error: ImagePullBackOff
+	// Many of these generic messages come from this part of kubelet:
+	// https://github.com/kubernetes/kubernetes/blob/v1.23.6/pkg/kubelet/kuberuntime/kuberuntime_container.go
+	if strings.Contains(event.Message, tracker.Image) {
+		switch event.Reason {
+		// examples: event.Reason => event.Message
+		// The image related messages come from the image manager in kubelet:
+		// https://github.com/kubernetes/kubernetes/blob/v1.23.6/pkg/kubelet/images/image_manager.go
+		case reasonFailed, reasonBackOff, reasonInspectFailed, reasonErrImageNeverPull:
+			// Failed => Failed to pull image "image:tag": <containerd message>
+			// BackOff => Back-off pulling image "image:tag"
+			// InspectFailed => Failed to apply default image tag "<image>": couldn't parse image reference "<image>": <docker error>
+			// InspectFailed => Failed to inspect image "<image>": <docker error>
+			// ErrImageNeverPull => Container image "image:tag" is not present with pull policy of Never
+			tracker.ImagePullErrors <- event
+			return
+		case reasonPulled:
+			// Pulled => Successfully pulled image "image:tag" in <time>
+			// Pulled => Container image "image:tag" already present on machine
+			tracker.imagePulledOnce.Do(func() {
+				p.Logger.Debugf("container image pulled: %s in pod %s, %v", tracker.Name, p.TrackedPod, event.Message)
+
+				// let RunContainer know the container image was pulled
+				close(tracker.ImagePulled)
+			})
+		case reasonPulling:
+			// Pulling => Pulling image "image:tag"
+			return
+		default:
+			return
 		}
 	}
 }
diff --git a/runtime/kubernetes/container_test.go b/runtime/kubernetes/container_test.go
index 74369658..8a186d0f 100644
--- a/runtime/kubernetes/container_test.go
+++ b/runtime/kubernetes/container_test.go
@@ -6,15 +6,19 @@ package kubernetes
 
 import (
 	"context"
+	"fmt"
 	"reflect"
 	"testing"
 
+	"github.com/go-vela/types/constants"
 	"github.com/go-vela/types/pipeline"
 	"github.com/go-vela/worker/internal/image"
 	velav1alpha1 "github.com/go-vela/worker/runtime/kubernetes/apis/vela/v1alpha1"
 
 	"github.com/sirupsen/logrus"
+	"golang.org/x/sync/errgroup"
 	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 func TestKubernetes_InspectContainer(t *testing.T) {
@@ -177,33 +181,79 @@ func TestKubernetes_RunContainer(t *testing.T) {
 	// TODO: include VolumeMounts?
 	// setup tests
 	tests := []struct {
-		name      string
-		failure   bool
-		container *pipeline.Container
-		pipeline  *pipeline.Build
-		pod       *v1.Pod
-		volumes   []string
+		name           string
+		failure        bool
+		cancelBuild    bool
+		imagePullError bool
+		container      *pipeline.Container
+		pipeline       *pipeline.Build
+		oldPod         *v1.Pod
+		newPod         *v1.Pod
+		volumes        []string
 	}{
 		{
-			name:      "stages",
+			name:      "stages-step starts running",
 			failure:   false,
-			container: _container,
+			container: _stagesContainer,
 			pipeline:  _stages,
-			pod:       _pod,
+			oldPod:    _stagesPodBeforeRunStep,
+			newPod:    _stagesPodWithRunningStep,
 		},
 		{
-			name:      "steps",
+			name:      "steps-step starts running",
 			failure:   false,
 			container: _container,
 			pipeline:  _steps,
-			pod:       _pod,
+			oldPod:    _stepsPodBeforeRunStep,
+			newPod:    _stepsPodWithRunningStep,
+		},
+		{
+			name:        "stages-build canceled",
+			failure:     false,
+			cancelBuild: true,
+			container:   _stagesContainer,
+			pipeline:    _stages,
+			oldPod:      _stagesPodBeforeRunStep,
+			newPod:      _stagesPodWithRunningStep,
+		},
+		{
+			name:        "steps-build canceled",
+			failure:     false,
+			cancelBuild: true,
+			container:   _container,
+			pipeline:    _steps,
+			oldPod:      _stepsPodBeforeRunStep,
+			newPod:      _stepsPodWithRunningStep,
+		},
+		{
+			name:      "if client.Pod.Spec is empty podTracker fails",
+			failure:   true,
+			container: _container,
+			oldPod:    _pod,
+			newPod: &v1.Pod{
+				ObjectMeta: _pod.ObjectMeta,
+				TypeMeta:   _pod.TypeMeta,
+				Status:     _pod.Status,
+				// if client.Pod.Spec is empty, podTracker will fail
+				//Spec:       _pod.Spec,
+			},
+		},
+		{
+			name:           "steps-image pull error",
+			failure:        true,
+			imagePullError: true,
+			container:      _container,
+			pipeline:       _steps,
+			oldPod:         _stepsPodBeforeRunStep,
+			newPod:         _stepsPodWithRunningStep,
 		},
 	}
 
 	// run tests
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
-			_engine, err := NewMock(test.pod)
+			// set up the fake k8s clientset so that it returns the final/updated state
+			_engine, err := NewMock(test.newPod)
 			if err != nil {
 				t.Errorf("unable to create runtime engine: %v", err)
 			}
@@ -212,7 +262,47 @@ func TestKubernetes_RunContainer(t *testing.T) {
 				_engine.config.Volumes = test.volumes
 			}
 
-			err = _engine.RunContainer(context.Background(), test.container, test.pipeline)
+			// setup test context
+			ctx, done := context.WithCancel(context.Background())
+			defer done()
+
+			// use an errgroup to make sure the test goroutine finishes
+			grp, _ := errgroup.WithContext(ctx)
+			defer func() {
+				err := grp.Wait()
+				if err != nil {
+					t.Error("waitgroup got an error")
+				}
+			}()
+
+			grp.Go(func() error {
+				oldPod := test.oldPod.DeepCopy()
+				oldPod.SetResourceVersion("older")
+
+				if test.cancelBuild {
+					// simulate a build timeout
+					done()
+				} else if test.imagePullError {
+					ctnTracker, ok := _engine.PodTracker.Containers[test.container.ID]
+					if !ok {
+						t.Error("containerTracker is missing")
+					}
+
+					ctnTracker.ImagePullErrors <- mockContainerEvent(
+						oldPod,
+						test.container.ID,
+						reasonFailed,
+						fmt.Sprintf("Failed to pull image \"%s\": containerd message foobar", test.container.Image),
+					)
+				} else {
+					// simulate a re-sync/PodUpdate event
+					_engine.PodTracker.HandlePodUpdate(oldPod, _engine.Pod)
+				}
+				return nil
+			})
+
+			// before returning RunContainer waits for: running container, canceled build, or image pull error
+			err = _engine.RunContainer(ctx, test.container, test.pipeline)
 
 			if test.failure {
 				if err == nil {
@@ -248,7 +338,7 @@ func TestKubernetes_SetupContainer(t *testing.T) {
 			wantFromTemplate: nil,
 		},
 		{
-			name:    "step-echo",
+			name:    "step-echo-pull always",
 			failure: false,
 			container: &pipeline.Container{
 				ID:          "step_github_octocat_1_echo",
@@ -259,7 +349,79 @@ func TestKubernetes_SetupContainer(t *testing.T) {
 				Image:       "alpine:latest",
 				Name:        "echo",
 				Number:      2,
-				Pull:        "always",
+				Pull:        constants.PullAlways,
+			},
+			opts:             nil,
+			wantPrivileged:   false,
+			wantFromTemplate: nil,
+		},
+		{
+			name:    "step-echo-pull never",
+			failure: false,
+			container: &pipeline.Container{
+				ID:          "step_github_octocat_1_echo",
+				Commands:    []string{"echo", "hello"},
+				Directory:   "/vela/src/github.com/octocat/helloworld",
+				Environment: map[string]string{"FOO": "bar"},
+				Entrypoint:  []string{"/bin/sh", "-c"},
+				Image:       "alpine:latest",
+				Name:        "echo",
+				Number:      2,
+				Pull:        constants.PullNever,
+			},
+			opts:             nil,
+			wantPrivileged:   false,
+			wantFromTemplate: nil,
+		},
+		{
+			name:    "step-echo-pull on start",
+			failure: false,
+			container: &pipeline.Container{
+				ID:          "step_github_octocat_1_echo",
+				Commands:    []string{"echo", "hello"},
+				Directory:   "/vela/src/github.com/octocat/helloworld",
+				Environment: map[string]string{"FOO": "bar"},
+				Entrypoint:  []string{"/bin/sh", "-c"},
+				Image:       "alpine:latest",
+				Name:        "echo",
+				Number:      2,
+				Pull:        constants.PullOnStart,
+			},
+			opts:             nil,
+			wantPrivileged:   false,
+			wantFromTemplate: nil,
+		},
+		{
+			name:    "step-echo-pull not present",
+			failure: false,
+			container: &pipeline.Container{
+				ID:          "step_github_octocat_1_echo",
+				Commands:    []string{"echo", "hello"},
+				Directory:   "/vela/src/github.com/octocat/helloworld",
+				Environment: map[string]string{"FOO": "bar"},
+				Entrypoint:  []string{"/bin/sh", "-c"},
+				Image:       "alpine:latest",
+				Name:        "echo",
+				Number:      2,
+				Pull:        constants.PullNotPresent,
+			},
+			opts:             nil,
+			wantPrivileged:   false,
+			wantFromTemplate: nil,
+		},
+		{
+			name:    "step-echo-pull default",
+			failure: false,
+			container: &pipeline.Container{
+				ID:          "step_github_octocat_1_echo",
+				Commands:    []string{"echo", "hello"},
+				Directory:   "/vela/src/github.com/octocat/helloworld",
+				Environment: map[string]string{"FOO": "bar"},
+				Entrypoint:  []string{"/bin/sh", "-c"},
+				Image:       "alpine:latest",
+				Name:        "echo",
+				Number:      2,
+				Pull:        "",
 			},
 			opts:             nil,
 			wantPrivileged:   false,
@@ -420,11 +582,13 @@ func TestKubernetes_TailContainer(t *testing.T) {
 func TestKubernetes_WaitContainer(t *testing.T) {
 	// setup tests
 	tests := []struct {
-		name      string
-		failure   bool
-		container *pipeline.Container
-		oldPod    *v1.Pod
-		newPod    *v1.Pod
+		name        string
+		failure     bool
+		cancelBuild bool
+		ctx         context.Context
+		container   *pipeline.Container
+		oldPod      *v1.Pod
+		newPod      *v1.Pod
 	}{
 		{
 			name:      "default order in ContainerStatuses",
@@ -474,23 +638,16 @@ func TestKubernetes_WaitContainer(t *testing.T) {
 			name:      "container goes from running to terminated",
 			failure:   false,
 			container: _container,
-			oldPod: &v1.Pod{
-				ObjectMeta: _pod.ObjectMeta,
-				TypeMeta:   _pod.TypeMeta,
-				Spec:       _pod.Spec,
-				Status: v1.PodStatus{
-					Phase: v1.PodRunning,
-					ContainerStatuses: []v1.ContainerStatus{
-						{
-							Name: "step-github-octocat-1-clone",
-							State: v1.ContainerState{
-								Running: &v1.ContainerStateRunning{},
-							},
-						},
-					},
-				},
-			},
-			newPod: _pod,
+			oldPod:    _stepsPodWithRunningStep,
+			newPod:    _pod,
+		},
+		{
+			name:        "canceled build",
+			failure:     false,
+			cancelBuild: true,
+			container:   _container,
+			oldPod:      _stepsPodWithRunningStep,
+			newPod:      _pod,
 		},
 		{
 			name:      "if client.Pod.Spec is empty podTracker fails",
@@ -516,15 +673,24 @@ func TestKubernetes_WaitContainer(t *testing.T) {
 				t.Errorf("unable to create runtime engine: %v", err)
 			}
 
+			// setup test context
+			ctx, done := context.WithCancel(context.Background())
+			defer done()
+
 			go func() {
 				oldPod := test.oldPod.DeepCopy()
 				oldPod.SetResourceVersion("older")
 
-				// simulate a re-sync/PodUpdate event
-				_engine.PodTracker.HandlePodUpdate(oldPod, _engine.Pod)
+				if test.cancelBuild {
+					// simulate a build timeout
+					done()
+				} else {
+					// simulate a re-sync/PodUpdate event
+					_engine.PodTracker.HandlePodUpdate(oldPod, _engine.Pod)
+				}
 			}()
 
-			err = _engine.WaitContainer(context.Background(), test.container)
+			err = _engine.WaitContainer(ctx, test.container)
 
 			if test.failure {
 				if err == nil {
@@ -546,24 +712,31 @@ func Test_podTracker_inspectContainerStatuses(t *testing.T) {
 	logger := logrus.NewEntry(logrus.StandardLogger())
 
 	tests := []struct {
-		name       string
-		trackedPod string
-		ctnName    string
-		terminated bool
-		pod        *v1.Pod
+		name           string
+		trackedPod     string
+		ctnName        string
+		ctnImage       string
+		terminated     bool
+		running        bool
+		imagePullError bool
+		pod            *v1.Pod
 	}{
 		{
 			name:       "container is terminated",
 			trackedPod: "test/github-octocat-1",
 			ctnName:    "step-github-octocat-1-clone",
+			ctnImage:   "target/vela-git:v0.4.0",
 			terminated: true,
+			running:    false,
 			pod:        _pod,
 		},
 		{
 			name:       "pod is pending",
 			trackedPod: "test/github-octocat-1",
 			ctnName:    "step-github-octocat-1-clone",
+			ctnImage:   "target/vela-git:v0.4.0",
 			terminated: false,
+			running:    false,
 			pod: &v1.Pod{
 				ObjectMeta: _pod.ObjectMeta,
 				TypeMeta:   _pod.TypeMeta,
@@ -577,7 +750,18 @@ func Test_podTracker_inspectContainerStatuses(t *testing.T) {
 			name:       "container is running",
 			trackedPod: "test/github-octocat-1",
 			ctnName:    "step-github-octocat-1-clone",
+			ctnImage:   "target/vela-git:v0.4.0",
+			terminated: false,
+			running:    true,
+			pod:        _stepsPodWithRunningStep,
+		},
+		{
+			name:       "container is still running pause image",
+			trackedPod: "test/github-octocat-1",
+			ctnName:    "step-github-octocat-1-clone",
+			ctnImage:   "target/vela-git:v0.4.0",
 			terminated: false,
+			running:    false,
 			pod: &v1.Pod{
 				ObjectMeta: _pod.ObjectMeta,
 				TypeMeta:   _pod.TypeMeta,
@@ -586,7 +770,33 @@ func Test_podTracker_inspectContainerStatuses(t *testing.T) {
 					Phase: v1.PodRunning,
 					ContainerStatuses: []v1.ContainerStatus{
 						{
-							Name: "step-github-octocat-1-clone",
+							Name:  "step-github-octocat-1-clone",
+							Image: pauseImage,
+							State: v1.ContainerState{
+								Running: &v1.ContainerStateRunning{},
+							},
+						},
+					},
+				},
+			},
+		},
+		{
+			name:       "container is still running pause image",
+			trackedPod: "test/github-octocat-1",
+			ctnName:    "step-github-octocat-1-clone",
+			ctnImage:   "target/vela-git:v0.4.0",
+			terminated: false,
+			running:    false,
+			pod: &v1.Pod{
+				ObjectMeta: _pod.ObjectMeta,
+				TypeMeta:   _pod.TypeMeta,
+				Spec:       _pod.Spec,
+				Status: v1.PodStatus{
+					Phase: v1.PodRunning,
+					ContainerStatuses: []v1.ContainerStatus{
+						{
+							Name:  "step-github-octocat-1-clone",
+							Image: image.Parse(pauseImage),
 							State: v1.ContainerState{
 								Running: &v1.ContainerStateRunning{},
 							},
@@ -599,7 +809,9 @@ func Test_podTracker_inspectContainerStatuses(t *testing.T) {
 			name:       "pod has an untracked container",
 			trackedPod: "test/github-octocat-1",
 			ctnName:    "step-github-octocat-1-clone",
+			ctnImage:   "target/vela-git:v0.4.0",
 			terminated: true,
+			running:    false,
 			pod: &v1.Pod{
 				ObjectMeta: _pod.ObjectMeta,
 				TypeMeta:   _pod.TypeMeta,
@@ -608,7 +820,8 @@ func Test_podTracker_inspectContainerStatuses(t *testing.T) {
 					Phase: v1.PodRunning,
 					ContainerStatuses: []v1.ContainerStatus{
 						{
-							Name: "step-github-octocat-1-clone",
+							Name:  "step-github-octocat-1-clone",
+							Image: "target/vela-git:v0.4.0",
 							State: v1.ContainerState{
 								Terminated: &v1.ContainerStateTerminated{
 									Reason:   "Completed",
@@ -617,7 +830,8 @@ func Test_podTracker_inspectContainerStatuses(t *testing.T) {
 							},
 						},
 						{
-							Name: "injected-by-admissions-controller",
+							Name:  "injected-by-admissions-controller",
+							Image: "target/vela-git:v0.4.0",
 							State: v1.ContainerState{
 								Running: &v1.ContainerStateRunning{},
 							},
@@ -626,12 +840,45 @@ func Test_podTracker_inspectContainerStatuses(t *testing.T) {
 				},
 			},
 		},
+		{
+			name:           "image pull failure reported in ContainerStatus",
+			trackedPod:     "test/github-octocat-1",
+			ctnName:        "step-github-octocat-1-clone",
+			ctnImage:       "target/vela-git:v0.4.0",
+			terminated:     false,
+			running:        false,
+			imagePullError: true,
+			pod: &v1.Pod{
+				ObjectMeta: _pod.ObjectMeta,
+				TypeMeta:   _pod.TypeMeta,
+				Spec:       _pod.Spec,
+				Status: v1.PodStatus{
+					Phase: v1.PodRunning,
+					ContainerStatuses: []v1.ContainerStatus{
+						{
+							Name:  "step-github-octocat-1-clone",
+							Image: "target/vela-git:v0.4.0",
+							State: v1.ContainerState{
+								Waiting: &v1.ContainerStateWaiting{
+									Reason:  reasonFailed,
+									Message: "Failed to pull image \"target/vela-git:v0.4.0\": containerd message foobar",
+								},
+							},
+						},
+					},
+				},
+			},
+		},
 	}
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
 			ctnTracker := containerTracker{
-				Name:       test.ctnName,
-				Terminated: make(chan struct{}),
+				Name:            test.ctnName,
+				Image:           test.ctnImage,
+				ImagePulled:     make(chan struct{}),
+				ImagePullErrors: make(chan *v1.Event),
+				Running:         make(chan struct{}),
+				Terminated:      make(chan struct{}),
 			}
 			podTracker := podTracker{
 				Logger:     logger,
@@ -642,6 +889,30 @@ func Test_podTracker_inspectContainerStatuses(t *testing.T) {
 			}
 			podTracker.Containers[test.ctnName] = &ctnTracker
 
+			if test.imagePullError {
+				ctx, done := context.WithCancel(context.Background())
+				defer done()
+
+				// use an errgroup to make sure the test goroutine finishes
+				grp, grpCtx := errgroup.WithContext(ctx)
+				defer func() {
+					err := grp.Wait()
+					if err != nil {
+						t.Error("waitgroup got an error")
+					}
+				}()
+
+				grp.Go(func() error {
+					select {
+					case <-ctnTracker.ImagePullErrors:
+						return nil // success
+					case <-grpCtx.Done():
+						t.Error("inspectContainerStatuses should have sent an imagePullError")
+						return nil
+					}
+				})
+			}
+
 			podTracker.inspectContainerStatuses(test.pod)
 
 			func() {
@@ -657,6 +928,326 @@ func Test_podTracker_inspectContainerStatuses(t *testing.T) {
 					t.Error("inspectContainerStatuses should have signaled termination")
 				}
 			}()
+
+			func() {
+				defer func() {
+					// nolint: errcheck // repeat close() panics (otherwise it won't)
+					recover()
+				}()
+
+				close(ctnTracker.Running)
+
+				// this will only run if close() did not panic
+				if test.running {
+					t.Error("inspectContainerStatuses should have signaled running")
+				}
+			}()
+		})
+	}
+}
+
+func Test_podTracker_inspectContainerEvent(t *testing.T) {
+	// setup types
+	logger := logrus.NewEntry(logrus.StandardLogger())
+
+	tests := []struct {
+		name           string
+		trackedPod     string
+		ctnName        string
+		ctnImage       string
+		imagePulled    bool
+		imagePullError bool
+		event          *v1.Event
+	}{
+		{
+			name:           "pod scheduled event ignored",
+			trackedPod:     "test/github-octocat-1",
+			ctnName:        "step-github-octocat-1-clone",
+			ctnImage:       "target/vela-git:v0.4.0",
+			imagePulled:    false,
+			imagePullError: false,
+			event: &v1.Event{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      _pod.ObjectMeta.Name + ".16ea333d810392b7",
+					Namespace: _pod.ObjectMeta.Namespace,
+				},
+				Action:              "Binding",
+				Reason:              "Scheduled", // reasonScheduled,
+				Message:             "Successfully assigned test/github-octocat-1 to k8s-worker",
+				ReportingController: "default-scheduler",
+				ReportingInstance:   "default-scheduler-k8s-master",
+				Source:              v1.EventSource{}, // empty
+			},
+		},
+		{
+			name:           "container created event is ignored",
+			trackedPod:     "test/github-octocat-1",
+			ctnName:        "step-github-octocat-1-clone",
+			ctnImage:       "target/vela-git:v0.4.0",
+			imagePulled:    false,
+			imagePullError: false,
+			event: mockContainerEvent(
+				_pod,
+				"step-github-octocat-1-clone",
+				"Created", // reasonCreated,
+				"Created container step-github-octocat-1-clone",
+			),
+		},
+		{
+			name:           "container started event is ignored",
+			trackedPod:     "test/github-octocat-1",
+			ctnName:        "step-github-octocat-1-clone",
+			ctnImage:       "target/vela-git:v0.4.0",
+			imagePulled:    false,
+			imagePullError: false,
+			event: mockContainerEvent(
+				_pod,
+				"step-github-octocat-1-clone",
+				"Started", // reasonStarted,
+				"Started container step-github-octocat-1-clone",
+			),
+		},
+		{
+			name:           "container killing event is ignored",
+			trackedPod:     "test/github-octocat-1",
+			ctnName:        "step-github-octocat-1-clone",
+			ctnImage:       "target/vela-git:v0.4.0",
+			imagePulled:    false,
+			imagePullError: false,
+			event: mockContainerEvent(
+				_pod,
+				"step-github-octocat-1-clone",
+				"Killing", //reasonKilling,
+				"Container step-github-octocat-1-clone definition changed, will be restarted",
+			),
+		},
+		{
+			name:           "generic image pull failed event is ignored",
+			trackedPod:     "test/github-octocat-1",
+			ctnName:        "step-github-octocat-1-clone",
+			ctnImage:       "target/vela-git:v0.4.0",
+			imagePulled:    false,
+			imagePullError: false,
+			event: mockContainerEvent(
+				_pod,
+				"step-github-octocat-1-clone",
+				reasonFailed,
+				"ErrImagePull",
+			),
+		},
+		{
+			name:           "generic image pull back-off is ignored",
+			trackedPod:     "test/github-octocat-1",
+			ctnName:        "step-github-octocat-1-clone",
+			ctnImage:       "target/vela-git:v0.4.0",
+			imagePulled:    false,
+			imagePullError: false,
+			event: mockContainerEvent(
+				_pod,
+				"step-github-octocat-1-clone",
+				reasonBackOff,
+				"ImagePullBackOff",
+			),
+		},
+		{
+			name:           "event for unnamed container ignored",
+			trackedPod:     "test/github-octocat-1",
+			ctnName:        "step-github-octocat-1-clone",
+			ctnImage:       "target/vela-git:v0.4.0",
+			imagePulled:    false,
+			imagePullError: false,
+			event: mockContainerEvent(
+				_pod,
+				"",
+				reasonFailed,
+				"Failed to pull image \"target/vela-git:v0.4.0\": containerd message",
+			),
+		},
+		{
+			name:           "event for unknown container ignored",
+			trackedPod:     "test/github-octocat-1",
+			ctnName:        "step-github-octocat-1-clone",
+			ctnImage:       "target/vela-git:v0.4.0",
+			imagePulled:    false,
+			imagePullError: false,
+			event: mockContainerEvent(
+				_pod,
+				"admissions-controller-injected-container",
+				reasonFailed,
+				"Failed to pull image \"target/vela-git:v0.4.0\": containerd message",
+			),
+		},
+		{
+			name:           "image pull failed",
+			trackedPod:     "test/github-octocat-1",
+			ctnName:        "step-github-octocat-1-clone",
+			ctnImage:       "target/vela-git:v0.4.0",
+			imagePulled:    false,
+			imagePullError: true,
+			event: mockContainerEvent(
+				_pod,
+				"step-github-octocat-1-clone",
+				reasonFailed,
+				"Failed to pull image \"target/vela-git:v0.4.0\": containerd message",
+			),
+		},
+		{
+			name:           "image pull back-off",
+			trackedPod:     "test/github-octocat-1",
+			ctnName:        "step-github-octocat-1-clone",
+			ctnImage:       "target/vela-git:v0.4.0",
+			imagePulled:    false,
+			imagePullError: true,
+			event: mockContainerEvent(
+				_pod,
+				"step-github-octocat-1-clone",
+				reasonBackOff,
+				"Back-off pulling image \"target/vela-git:v0.4.0\"",
+			),
+		},
+		{
+			name:           "image inspect failed",
+			trackedPod:     "test/github-octocat-1",
+			ctnName:        "step-github-octocat-1-clone",
+			ctnImage:       "target/vela-git:v0.4.0",
+			imagePulled:    false,
+			imagePullError: true,
+			event: mockContainerEvent(
+				_pod,
+				"step-github-octocat-1-clone",
+				reasonInspectFailed,
+				"Failed to inspect image \"target/vela-git:v0.4.0\": docker error",
+			),
+		},
+		{
+			name:           "image pull policy is never",
+			trackedPod:     "test/github-octocat-1",
+			ctnName:        "step-github-octocat-1-clone",
+			ctnImage:       "target/vela-git:v0.4.0",
+			imagePulled:    false,
+			imagePullError: true,
+			event: mockContainerEvent(
+				_pod,
+				"step-github-octocat-1-clone",
+				reasonErrImageNeverPull,
+				"Container image \"target/vela-git:v0.4.0\" is not present with pull policy of Never",
+			),
+		},
+		{
+			name:           "image pulled",
+			trackedPod:     "test/github-octocat-1",
+			ctnName:        "step-github-octocat-1-clone",
+			ctnImage:       "target/vela-git:v0.4.0",
+			imagePulled:    true,
+			imagePullError: false,
+			event: mockContainerEvent(
+				_pod,
+				"step-github-octocat-1-clone",
+				reasonPulled,
+				"Successfully pulled image \"target/vela-git:v0.4.0\" in 5s",
+			),
+		},
+		{
+			name:           "image already present",
+			trackedPod:     "test/github-octocat-1",
+			ctnName:        "step-github-octocat-1-clone",
+			ctnImage:       "target/vela-git:v0.4.0",
+			imagePulled:    true,
+			imagePullError: false,
+			event: mockContainerEvent(
+				_pod,
+				"step-github-octocat-1-clone",
+				reasonPulled,
+				"Container image \"target/vela-git:v0.4.0\" already present on machine",
+			),
+		},
+		{
+			name:           "image pulling",
+			trackedPod:     "test/github-octocat-1",
+			ctnName:        "step-github-octocat-1-clone",
+			ctnImage:       "target/vela-git:v0.4.0",
+			imagePulled:    false,
+			imagePullError: false,
+			event: mockContainerEvent(
+				_pod,
+				"step-github-octocat-1-clone",
+				reasonPulling,
+				"Pulling image \"target/vela-git:v0.4.0\"",
+			),
+		},
+		{
+			name:           "unrecognized event reason",
+			trackedPod:     "test/github-octocat-1",
+			ctnName:        "step-github-octocat-1-clone",
+			ctnImage:       "target/vela-git:v0.4.0",
+			imagePulled:    false,
+			imagePullError: false,
+			event: mockContainerEvent(
+				_pod,
+				"step-github-octocat-1-clone",
+				"foobar",
+				"Pulling image \"target/vela-git:v0.4.0\"",
+			),
+		},
+	}
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			ctnTracker := containerTracker{
+				Name:            test.ctnName,
+				Image:           test.ctnImage,
+				ImagePulled:     make(chan struct{}),
+				ImagePullErrors: make(chan *v1.Event),
+				Running:         make(chan struct{}),
+				Terminated:      make(chan struct{}),
+			}
+			podTracker := podTracker{
+				Logger:     logger,
+				TrackedPod: test.trackedPod,
+				Containers: map[string]*containerTracker{},
+				// other fields not used by inspectContainerEvent
+				// if they're needed, use newPodTracker
+			}
+			podTracker.Containers[test.ctnName] = &ctnTracker
+
+			if test.imagePullError {
+				ctx, done := context.WithCancel(context.Background())
+				defer done()
+
+				// use an errgroup to make sure the test goroutine finishes
+				grp, grpCtx := errgroup.WithContext(ctx)
+				defer func() {
+					err := grp.Wait()
+					if err != nil {
+						t.Error("waitgroup got an error")
+					}
+				}()
+
+				grp.Go(func() error {
+					select {
+					case <-ctnTracker.ImagePullErrors:
+						return nil // success
+					case <-grpCtx.Done():
+						t.Error("inspectContainerEvent should have sent an imagePullError")
+						return nil
+					}
+				})
+			}
+
+			podTracker.inspectContainerEvent(test.event)
+
+			func() {
+				defer func() {
+					// nolint: errcheck // repeat close() panics (otherwise it won't)
+					recover()
+				}()
+
+				close(ctnTracker.ImagePulled)
+
+				// this will only run if close() did not panic
+				if test.imagePulled {
+					t.Error("inspectContainerEvent should have signaled termination")
+				}
+			}()
 		})
 	}
 }
diff --git a/runtime/kubernetes/kubernetes_test.go b/runtime/kubernetes/kubernetes_test.go
index 60e2a5ed..0c1d3c17 100644
--- a/runtime/kubernetes/kubernetes_test.go
+++ b/runtime/kubernetes/kubernetes_test.go
@@ -5,6 +5,7 @@
 package kubernetes
 
 import (
+	"fmt"
 	"testing"
 
 	"github.com/go-vela/types/pipeline"
@@ -80,6 +81,16 @@ var (
 		Pull:        "always",
 	}
 
+	_stagesContainer = &pipeline.Container{
+		ID:          "step-github-octocat-1-clone-clone",
+		Directory:   _container.Directory,
+		Environment: _container.Environment,
+		Image:       _container.Image,
+		Name:        _container.Name,
+		Number:      _container.Number,
+		Pull:        _container.Pull,
+	}
+
 	_pod = &v1.Pod{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      "github-octocat-1",
@@ -158,6 +169,122 @@ var (
 		},
 	}
 
+	_stepsPodBeforeRunStep = &v1.Pod{
+		ObjectMeta: _pod.ObjectMeta,
+		TypeMeta:   _pod.TypeMeta,
+		Status: v1.PodStatus{
+			Phase: v1.PodRunning,
+			ContainerStatuses: []v1.ContainerStatus{
+				{
+					Name:  "step-github-octocat-1-clone",
+					Image: pauseImage, // step is not running yet
+					State: v1.ContainerState{
+						// pause is running, not the step image
+						Running: &v1.ContainerStateRunning{},
+					},
+				},
+				{
+					Name:  "step-github-octocat-1-echo",
+					Image: pauseImage, // step is not running yet
+					State: v1.ContainerState{
+						// pause is running, not the step image
+						Running: &v1.ContainerStateRunning{},
+					},
+				},
+				{
+					Name:  "service-github-octocat-1-postgres",
+					Image: "postgres:12-alpine",
+					State: v1.ContainerState{
+						// service is running
+						Running: &v1.ContainerStateRunning{},
+					},
+				},
+			},
+		},
+		Spec: v1.PodSpec{
+			Containers: []v1.Container{
+				{
+					Name:            "step-github-octocat-1-clone",
+					Image:           pauseImage, // not running yet
+					WorkingDir:      "/vela/src/github.com/octocat/helloworld",
+					ImagePullPolicy: v1.PullAlways,
+				},
+				{
+					Name:            "step-github-octocat-1-echo",
+					Image:           pauseImage, // not running yet
+					WorkingDir:      "/vela/src/github.com/octocat/helloworld",
+					ImagePullPolicy: v1.PullAlways,
+				},
+				{
+					Name:            "service-github-octocat-1-postgres",
+					Image:           "postgres:12-alpine",
+					WorkingDir:      "/vela/src/github.com/octocat/helloworld",
+					ImagePullPolicy: v1.PullAlways,
+				},
+			},
+			HostAliases: _pod.Spec.HostAliases,
+			Volumes:     _pod.Spec.Volumes,
+		},
+	}
+
+	_stepsPodWithRunningStep = &v1.Pod{
+		ObjectMeta: _pod.ObjectMeta,
+		TypeMeta:   _pod.TypeMeta,
+		Status: v1.PodStatus{
+			Phase: v1.PodRunning,
+			ContainerStatuses: []v1.ContainerStatus{
+				{
+					Name:  "step-github-octocat-1-clone",
+					Image: "target/vela-git:v0.4.0",
+					State: v1.ContainerState{
+						// step is running
+						Running: &v1.ContainerStateRunning{},
+					},
+				},
+				{
+					Name:  "step-github-octocat-1-echo",
+					Image: pauseImage,
+					State: v1.ContainerState{
+						// pause is running, not the step image
+						Running: &v1.ContainerStateRunning{},
+					},
+				},
+				{
+					Name:  "service-github-octocat-1-postgres",
+					Image: "postgres:12-alpine",
+					State: v1.ContainerState{
+						// service is running
+						Running: &v1.ContainerStateRunning{},
+					},
+				},
+			},
+		},
+		Spec: v1.PodSpec{
+			Containers: []v1.Container{
+				{
+					Name:            "step-github-octocat-1-clone",
+					Image:           "target/vela-git:v0.4.0", // running
+					WorkingDir:      "/vela/src/github.com/octocat/helloworld",
+					ImagePullPolicy: v1.PullAlways,
+				},
+				{
+					Name:            "step-github-octocat-1-echo",
+					Image:           pauseImage, // not running yet
+					WorkingDir:      "/vela/src/github.com/octocat/helloworld",
+					ImagePullPolicy: v1.PullAlways,
+				},
+				{
+					Name:            "service-github-octocat-1-postgres",
+					Image:           "postgres:12-alpine",
+					WorkingDir:      "/vela/src/github.com/octocat/helloworld",
+					ImagePullPolicy: v1.PullAlways,
+				},
+			},
+			HostAliases: _pod.Spec.HostAliases,
+			Volumes:     _pod.Spec.Volumes,
+		},
+	}
+
 	_stages = &pipeline.Build{
 		Version: "1",
 		ID:      "github-octocat-1",
@@ -321,4 +448,150 @@ var (
 			},
 		},
 	}
+
+	_stagesPodBeforeRunStep = &v1.Pod{
+		ObjectMeta: _stagesPod.ObjectMeta,
+		TypeMeta:   _stagesPod.TypeMeta,
+		Status: v1.PodStatus{
+			Phase: v1.PodRunning,
+			ContainerStatuses: []v1.ContainerStatus{
+				{
+					Name:  "step-github-octocat-1-clone-clone",
+					Image: pauseImage, // step is not running yet
+					State: v1.ContainerState{
+						// pause is running, not the step image
+						Running: &v1.ContainerStateRunning{},
+					},
+				},
+				{
+					Name:  "step-github-octocat-1-echo-echo",
+					Image: pauseImage, // step is not running yet
+					State: v1.ContainerState{
+						// pause is running, not the step image
+						Running: &v1.ContainerStateRunning{},
+					},
+				},
+				{
+					Name:  "service-github-octocat-1-postgres",
+					Image: "postgres:12-alpine",
+					State: v1.ContainerState{
+						// service is running
+						Running: &v1.ContainerStateRunning{},
+					},
+				},
+			},
+		},
+		Spec: v1.PodSpec{
+			Containers: []v1.Container{
+				{
+					Name:            "step-github-octocat-1-clone-clone",
+					Image:           pauseImage, // not running yet
+					WorkingDir:      "/vela/src/github.com/octocat/helloworld",
+					ImagePullPolicy: v1.PullAlways,
+				},
+				{
+					Name:            "step-github-octocat-1-echo-echo",
+					Image:           pauseImage, // not running yet
+					WorkingDir:      "/vela/src/github.com/octocat/helloworld",
+					ImagePullPolicy: v1.PullAlways,
+				},
+				{
+					Name:            "service-github-octocat-1-postgres",
+					Image:           "postgres:12-alpine",
+					WorkingDir:      "/vela/src/github.com/octocat/helloworld",
+					ImagePullPolicy: v1.PullAlways,
+				},
+			},
+			HostAliases: _stagesPod.Spec.HostAliases,
+			Volumes:     _stagesPod.Spec.Volumes,
+		},
+	}
+
+	_stagesPodWithRunningStep = &v1.Pod{
+		ObjectMeta: _stagesPod.ObjectMeta,
+		TypeMeta:   _stagesPod.TypeMeta,
+		Status: v1.PodStatus{
+			Phase: v1.PodRunning,
+			ContainerStatuses: []v1.ContainerStatus{
+				{
+					Name:  "step-github-octocat-1-clone-clone",
+					Image: "target/vela-git:v0.4.0",
+					State: v1.ContainerState{
+						// step is running
+						Running: &v1.ContainerStateRunning{},
+					},
+				},
+				{
+					Name:  "step-github-octocat-1-echo-echo",
+					Image: pauseImage,
+					State: v1.ContainerState{
+						// pause is running, not the step image
+						Running: &v1.ContainerStateRunning{},
+					},
+				},
+				{
+					Name:  "service-github-octocat-1-postgres",
+					Image: "postgres:12-alpine",
+					State: v1.ContainerState{
+						// service is running
+						Running: &v1.ContainerStateRunning{},
+					},
+				},
+			},
+		},
+		Spec: v1.PodSpec{
+			Containers: []v1.Container{
+				{
+					Name:            "step-github-octocat-1-clone-clone",
+					Image:           "target/vela-git:v0.4.0", // running
+					WorkingDir:      "/vela/src/github.com/octocat/helloworld",
+					ImagePullPolicy: v1.PullAlways,
+				},
+				{
+					Name:            "step-github-octocat-1-echo-echo",
+					Image:           pauseImage, // not running yet
+					WorkingDir:      "/vela/src/github.com/octocat/helloworld",
+					ImagePullPolicy: v1.PullAlways,
+				},
+				{
+					Name:            "service-github-octocat-1-postgres",
+					Image:           "postgres:12-alpine",
+					WorkingDir:      "/vela/src/github.com/octocat/helloworld",
+					ImagePullPolicy: v1.PullAlways,
+				},
+			},
+			HostAliases: _stagesPod.Spec.HostAliases,
+			Volumes:     _stagesPod.Spec.Volumes,
+		},
+	}
 )
+
+func mockContainerEvent(pod *v1.Pod, ctnName, reason, message string) *v1.Event {
+	var fieldPath string
+	if ctnName != "" {
+		fieldPath = fmt.Sprintf("spec.containers{%s}", ctnName)
+	} else {
+		fieldPath = "spec.containers[2]"
+	}
+
+	return &v1.Event{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      _pod.ObjectMeta.Name + ".16ea333d810392b7",
+			Namespace: pod.ObjectMeta.Namespace,
+		},
+		InvolvedObject: v1.ObjectReference{
+			Kind:      pod.TypeMeta.Kind,
+			Name:      pod.ObjectMeta.Name,
+			Namespace: pod.ObjectMeta.Namespace,
+			FieldPath: fieldPath,
+		},
+		ReportingController: "",
+		ReportingInstance:   "",
+		Source: v1.EventSource{
+			Component: "kubelet",
+			Host:      "k8s-worker",
+		},
+		Reason:  reason,
+		Message: message,
+	}
+}
diff --git a/runtime/kubernetes/pod_tracker.go b/runtime/kubernetes/pod_tracker.go
index 221e881f..791bd2ad 100644
--- a/runtime/kubernetes/pod_tracker.go
+++ b/runtime/kubernetes/pod_tracker.go
@@ -28,11 +28,23 @@ import (
 type containerTracker struct {
 	// Name is the name of the container
 	Name string
+	// Image is the final image of the container
+	Image string
+
+	// imagePulledOnce ensures that the ImagePulled channel only gets closed once.
+	imagePulledOnce sync.Once
+	// ImagePulled will be closed once the container's image has been pulled.
+	ImagePulled chan struct{}
+	// ImagePullErrors collects any image pull errors.
+	ImagePullErrors chan *v1.Event
+	// runningOnce ensures that the Running channel only gets closed once.
+	runningOnce sync.Once
+	// Running will be closed once the container reaches a running state.
+	Running chan struct{}
 	// terminatedOnce ensures that the Terminated channel only gets closed once.
 	terminatedOnce sync.Once
 	// Terminated will be closed once the container reaches a terminal state.
 	Terminated chan struct{}
-	// TODO: collect streaming logs here before TailContainer is called
 }
 
 // podTracker contains Informers used to watch and synchronize local k8s caches.
@@ -40,15 +52,24 @@ type containerTracker struct {
 type podTracker struct {
 	// https://pkg.go.dev/github.com/sirupsen/logrus#Entry
 	Logger *logrus.Entry
+
+	// Name is the Name of the tracked pod
+	Name string
+	// Namespace is the Namespace of the tracked pod
+	Namespace string
 	// TrackedPod is the Namespace/Name of the tracked pod
 	TrackedPod string
 
 	// informerFactory is used to create Informers and Listers
 	informerFactory kubeinformers.SharedInformerFactory
-	// informerDone is a function used to stop the informerFactory
+	// eventInformerFactory is used to create Informers and Listers for events
+	eventInformerFactory kubeinformers.SharedInformerFactory
+	// informerDone is a function used to stop informerFactory and eventInformerFactory
 	informerDone context.CancelFunc
 	// podInformer watches the given pod, caches the results, and makes them available in podLister
 	podInformer informers.PodInformer
+	// eventInformer watches events for the given pod, caches the results, and makes them available in eventLister
+	eventInformer informers.EventInformer
 
 	// PodLister helps list Pods. All objects returned here must be treated as read-only.
 	PodLister listers.PodLister
@@ -56,6 +77,12 @@ type podTracker struct {
 	// This is useful for determining if caches have synced.
 	PodSynced cache.InformerSynced
 
+	// EventLister helps list Events. All objects returned here must be treated as read-only.
+	EventLister listers.EventLister
+	// EventSynced is a function that can be used to determine if an informer has synced.
+	// This is useful for determining if caches have synced.
+	EventSynced cache.InformerSynced
+
 	// Containers maps the container name to a containerTracker
 	Containers map[string]*containerTracker
 
@@ -143,6 +170,72 @@ func (p *podTracker) getTrackedPod(obj interface{}) *v1.Pod {
 	return pod
 }
 
+// HandleEventAdd is an AddFunc for cache.ResourceEventHandlerFuncs for Events.
+func (p *podTracker) HandleEventAdd(newObj interface{}) {
+	newEvent := p.getTrackedPodEvent(newObj)
+	if newEvent == nil {
+		// not valid or not for our tracked pod
+		return
+	}
+
+	p.Logger.Tracef(
+		"handling %s event add event for %s: fieldPath=%v",
+		newEvent.Type, // Normal, Warning
+		p.TrackedPod,
+		newEvent.InvolvedObject.FieldPath,
+	)
+
+	p.inspectContainerEvent(newEvent)
+}
+
+// HandleEventUpdate is an UpdateFunc for cache.ResourceEventHandlerFuncs for Events.
+func (p *podTracker) HandleEventUpdate(oldObj, newObj interface{}) {
+	oldEvent := p.getTrackedPodEvent(oldObj)
+	newEvent := p.getTrackedPodEvent(newObj)
+
+	if oldEvent == nil || newEvent == nil {
+		// not valid or not for our tracked pod
+		return
+	}
+
+	p.Logger.Tracef(
+		"handling %s event update event for %s: fieldPath=%v",
+		newEvent.Type, // Normal, Warning
+		p.TrackedPod,
+		newEvent.InvolvedObject.FieldPath,
+	)
+
+	p.inspectContainerEvent(newEvent)
+}
+
+// getTrackedPodEvent tries to convert the obj into an Event and makes sure it is for the tracked Pod.
+// This should only be used by the funcs of cache.ResourceEventHandlerFuncs.
+func (p *podTracker) getTrackedPodEvent(obj interface{}) *v1.Event {
+	var (
+		event *v1.Event
+		ok    bool
+	)
+
+	if event, ok = obj.(*v1.Event); !ok {
+		p.Logger.Errorf("error decoding event, invalid type")
+		return nil
+	}
+
+	eventObjectName := event.InvolvedObject.Namespace + "/" + event.InvolvedObject.Name
+	if event.InvolvedObject.Kind != "Pod" || eventObjectName != p.TrackedPod {
+		p.Logger.Errorf(
+			"unexpected event for %s (%s), expected %s (Pod)",
+			eventObjectName,
+			event.InvolvedObject.Kind,
+			p.TrackedPod,
+		)
+
+		return nil
+	}
+
+	return event
+}
+
 // Start kicks off the API calls to start populating the cache.
 // There is no need to run this in a separate goroutine (ie go podTracker.Start(ctx)).
 func (p *podTracker) Start(ctx context.Context) {
@@ -153,6 +246,7 @@ func (p *podTracker) Start(ctx context.Context) {
 
 	// Start method is non-blocking and runs all registered informers in a dedicated goroutine.
 	p.informerFactory.Start(informerCtx.Done())
+	p.eventInformerFactory.Start(informerCtx.Done())
 }
 
 // Stop shuts down any informers (e.g. stop watching APIs).
@@ -174,8 +268,12 @@ func (p *podTracker) TrackContainers(containers []v1.Container) {
 
 	for _, ctn := range containers {
 		p.Containers[ctn.Name] = &containerTracker{
-			Name:       ctn.Name,
-			Terminated: make(chan struct{}),
+			Name:            ctn.Name,
+			Image:           ctn.Image,
+			ImagePulled:     make(chan struct{}),
+			ImagePullErrors: make(chan *v1.Event),
+			Running:         make(chan struct{}),
+			Terminated:      make(chan struct{}),
 		}
 	}
 }
@@ -193,8 +291,8 @@ func newPodTracker(log *logrus.Entry, clientset kubernetes.Interface, pod *v1.Po
 
 	log.Tracef("creating PodTracker for pod %s", trackedPod)
 
-	// create label selector for watching the pod
-	selector, err := labels.NewRequirement(
+	// create labelSelector for watching the pod
+	labelSelector, err := labels.NewRequirement(
 		"pipeline",
 		selection.Equals,
 		[]string{fields.EscapeValue(pod.ObjectMeta.Name)},
@@ -203,26 +301,48 @@ func newPodTracker(log *logrus.Entry, clientset kubernetes.Interface, pod *v1.Po
 		return nil, err
 	}
 
+	// create fieldSelector for watching the pod events
+	fieldSelector := fields.Set{
+		"involvedObject.name": fields.EscapeValue(pod.ObjectMeta.Name),
+	}.AsSelector()
+
 	// create filtered Informer factory which is commonly used for k8s controllers
 	informerFactory := kubeinformers.NewSharedInformerFactoryWithOptions(
 		clientset,
 		defaultResync,
 		kubeinformers.WithNamespace(pod.ObjectMeta.Namespace),
 		kubeinformers.WithTweakListOptions(func(listOptions *metav1.ListOptions) {
-			listOptions.LabelSelector = selector.String()
+			listOptions.LabelSelector = labelSelector.String()
 		}),
 	)
 	podInformer := informerFactory.Core().V1().Pods()
 
+	// events do not have labels like the pods do, so we need a separate Informer
+	eventInformerFactory := kubeinformers.NewSharedInformerFactoryWithOptions(
+		clientset,
+		defaultResync,
+		kubeinformers.WithNamespace(pod.ObjectMeta.Namespace),
+		kubeinformers.WithTweakListOptions(func(listOptions *metav1.ListOptions) {
+			listOptions.FieldSelector = fieldSelector.String()
+		}),
+	)
+	eventInformer := eventInformerFactory.Core().V1().Events()
+
 	// initialize podTracker
 	tracker := podTracker{
-		Logger:          log,
-		TrackedPod:      trackedPod,
-		informerFactory: informerFactory,
-		podInformer:     podInformer,
-		PodLister:       podInformer.Lister(),
-		PodSynced:       podInformer.Informer().HasSynced,
-		Ready:           make(chan struct{}),
+		Logger:               log,
+		Name:                 pod.ObjectMeta.Name,
+		Namespace:            pod.ObjectMeta.Namespace,
+		TrackedPod:           trackedPod,
+		informerFactory:      informerFactory,
+		podInformer:          podInformer,
+		PodLister:            podInformer.Lister(),
+		PodSynced:            podInformer.Informer().HasSynced,
+		eventInformerFactory: eventInformerFactory,
+		eventInformer:        eventInformer,
+		EventLister:          eventInformer.Lister(),
+		EventSynced:          eventInformer.Informer().HasSynced,
+		Ready:                make(chan struct{}),
 	}
 
 	// register event handler funcs in podInformer
@@ -232,6 +352,12 @@ func newPodTracker(log *logrus.Entry, clientset kubernetes.Interface, pod *v1.Po
 		DeleteFunc: tracker.HandlePodDelete,
 	})
 
+	eventInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{
+		AddFunc:    tracker.HandleEventAdd,
+		UpdateFunc: tracker.HandleEventUpdate,
+		// No DeleteFunc as events get deleted after some time, which we ignore.
+	})
+
 	return &tracker, nil
 }
 
diff --git a/runtime/kubernetes/pod_tracker_test.go b/runtime/kubernetes/pod_tracker_test.go
index 79b84621..8b101cc6 100644
--- a/runtime/kubernetes/pod_tracker_test.go
+++ b/runtime/kubernetes/pod_tracker_test.go
@@ -377,3 +377,258 @@ func Test_podTracker_Stop(t *testing.T) {
 		})
 	}
 }
+
+func Test_podTracker_getTrackedPodEvent(t *testing.T) {
+	// setup types
+	logger := logrus.NewEntry(logrus.StandardLogger())
+
+	_podEvent := mockContainerEvent(
+		_pod,
+		"step-github-ooctocat-1-echo",
+		reasonFailed,
+		"foobar",
+	)
+
+	_podTemplateEvent := _podEvent.DeepCopy()
+	_podTemplateEvent.InvolvedObject.Kind = new(v1.PodTemplate).TypeMeta.Kind
+
+	tests := []struct {
+		name       string
+		trackedPod string // namespace/podName
+		obj        interface{}
+		want       *v1.Event
+	}{
+		{
+			name:       "got-tracked-pod-event",
+			trackedPod: "test/github-octocat-1",
+			obj:        _podEvent,
+			want:       _podEvent,
+		},
+		{
+			name:       "wrong-pod",
+			trackedPod: "test/github-octocat-2",
+			obj:        _podEvent,
+			want:       nil,
+		},
+		{
+			name:       "invalid-type",
+			trackedPod: "test/github-octocat-1",
+			obj:        new(v1.PodTemplate),
+			want:       nil,
+		},
+		{
+			name:       "nil",
+			trackedPod: "test/nil",
+			obj:        nil,
+			want:       nil,
+		},
+		{
+			name:       "invalid-involved-object-type",
+			trackedPod: "test/github-octocat-1",
+			obj:        _podTemplateEvent,
+			want:       nil,
+		},
+		{
+			name:       "tombstone-pod-event",
+			trackedPod: "test/github-octocat-1",
+			obj: cache.DeletedFinalStateUnknown{
+				Key: "test/github-octocat-1",
+				Obj: _podEvent,
+			},
+			want: nil,
+		},
+		{
+			name:       "tombstone-nil",
+			trackedPod: "test/github-octocat-1",
+			obj: cache.DeletedFinalStateUnknown{
+				Key: "test/github-octocat-1",
+				Obj: nil,
+			},
+			want: nil,
+		},
+		{
+			name:       "tombstone-invalid-type",
+			trackedPod: "test/github-octocat-1",
+			obj: cache.DeletedFinalStateUnknown{
+				Key: "test/github-octocat-1",
+				Obj: new(v1.PodTemplate),
+			},
+			want: nil,
+		},
+	}
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			p := podTracker{
+				Logger:     logger,
+				TrackedPod: test.trackedPod,
+				// other fields not used by getTrackedPodEvent
+				// if they're needed, use newPodTracker
+			}
+			if got := p.getTrackedPodEvent(test.obj); !reflect.DeepEqual(got, test.want) {
+				t.Errorf("getTrackedPodEvent() = %v, want %v", got, test.want)
+			}
+		})
+	}
+}
+
+func Test_podTracker_HandleEventAdd(t *testing.T) {
+	// setup types
+	logger := logrus.NewEntry(logrus.StandardLogger())
+
+	_podEvent := mockContainerEvent(
+		_pod,
+		"step-github-ooctocat-1-echo",
+		reasonInspectFailed,
+		"foobar",
+	)
+
+	_podTemplateEvent := _podEvent.DeepCopy()
+	_podTemplateEvent.InvolvedObject.Kind = new(v1.PodTemplate).TypeMeta.Kind
+
+	tests := []struct {
+		name       string
+		trackedPod string // namespace/podName
+		obj        interface{}
+	}{
+		{
+			name:       "got-tracked-pod-event",
+			trackedPod: "test/github-octocat-1",
+			obj:        _podEvent,
+		},
+		{
+			name:       "wrong-pod",
+			trackedPod: "test/github-octocat-2",
+			obj:        _podEvent,
+		},
+		{
+			name:       "invalid-type",
+			trackedPod: "test/github-octocat-1",
+			obj:        new(v1.PodTemplate),
+		},
+		{
+			name:       "nil",
+			trackedPod: "test/nil",
+			obj:        nil,
+		},
+		{
+			name:       "invalid-involved-object-type",
+			trackedPod: "test/github-octocat-1",
+			obj:        _podTemplateEvent,
+		},
+	}
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			p := &podTracker{
+				Logger:     logger,
+				TrackedPod: test.trackedPod,
+				// other fields not used by getTrackedPodEvent
+				// if they're needed, use newPodTracker
+			}
+
+			// just make sure this doesn't panic
+			p.HandleEventAdd(test.obj)
+		})
+	}
+}
+
+func Test_podTracker_HandleEventUpdate(t *testing.T) {
+	// setup types
+	logger := logrus.NewEntry(logrus.StandardLogger())
+
+	_podEvent := mockContainerEvent(
+		_pod,
+		"step-github-ooctocat-1-echo",
+		reasonBackOff,
+		"foobar",
+	)
+
+	_podTemplateEvent := _podEvent.DeepCopy()
+	_podTemplateEvent.InvolvedObject.Kind = new(v1.PodTemplate).TypeMeta.Kind
+
+	tests := []struct {
+		name       string
+		trackedPod string // namespace/podName
+		oldObj     interface{}
+		newObj     interface{}
+	}{
+		{
+			name:       "re-sync event without change",
+			trackedPod: "test/github-octocat-1",
+			oldObj:     _podEvent,
+			newObj:     _podEvent,
+		},
+		{
+			name:       "wrong-pod",
+			trackedPod: "test/github-octocat-2",
+			oldObj:     _podEvent,
+			newObj:     _podEvent,
+		},
+		{
+			name:       "invalid-type-old",
+			trackedPod: "test/github-octocat-1",
+			oldObj:     new(v1.PodTemplate),
+			newObj:     _podEvent,
+		},
+		{
+			name:       "nil-old",
+			trackedPod: "test/github-octocat-1",
+			oldObj:     nil,
+			newObj:     _podEvent,
+		},
+		{
+			name:       "invalid-involved-object-type-old",
+			trackedPod: "test/github-octocat-1",
+			oldObj:     _podTemplateEvent,
+			newObj:     _podEvent,
+		},
+		{
+			name:       "invalid-type-new",
+			trackedPod: "test/github-octocat-1",
+			oldObj:     _podEvent,
+			newObj:     new(v1.PodTemplate),
+		},
+		{
+			name:       "nil-new",
+			trackedPod: "test/github-octocat-1",
+			oldObj:     _podEvent,
+			newObj:     nil,
+		},
+		{
+			name:       "invalid-involved-object-type-new",
+			trackedPod: "test/github-octocat-1",
+			oldObj:     _podEvent,
+			newObj:     _podTemplateEvent,
+		},
+		{
+			name:       "invalid-type-both",
+			trackedPod: "test/github-octocat-1",
+			oldObj:     new(v1.PodTemplate),
+			newObj:     new(v1.PodTemplate),
+		},
+		{
+			name:       "nil-both",
+			trackedPod: "test/nil",
+			oldObj:     nil,
+			newObj:     nil,
+		},
+		{
+			name:       "invalid-involved-object-type-both",
+			trackedPod: "test/github-octocat-1",
+			oldObj:     _podTemplateEvent,
+			newObj:     _podTemplateEvent,
+		},
+	}
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			p := &podTracker{
+				Logger:     logger,
+				TrackedPod: test.trackedPod,
+				// other fields not used by getTrackedPodEvent
+				// if they're needed, use newPodTracker
+			}
+
+			// just make sure this doesn't panic
+			p.HandleEventUpdate(test.oldObj, test.newObj)
+		})
+	}
+}