The Security Intelligence feature was activated successfully, but there are some degraded services that exist.
Problem
The Security Intelligence feature was activated successfully, but its health is reported as PARTIALLY UP or DOWN. These degraded health status is reported either immediately after the Security Intelligence feature is activated or at a later stage in its life cycle .
Cause
The cause can be any of the following reasons.
- The Docker registry is unreachable from the TKC or upstream Kubernetes worker node.
- The Security Intelligence application pod failed to reach the Running state.
Solution
Work with your Kubernetes infrastructure administrator to try to fix the issue. Use the following possible solutions, which correspond to the problems listed in the preceding Problems section.
- Verify if all the desired pods are able to start up. The pod startup depends on the Docker registry being reachable. In the event the Docker registry is unreachable or the download action fails due to authentication or authorization reasons, the Kubernetes worker node might not be able to download the Docker container image required to run the workloads. Fix the connectivity issue for the Docker registry, delete the Security Intelligence feature, and try to activate it again.
- Check that all pods reach a Running state and all the jobs have completed successfully. Once the Docker container image is downloaded, the pods must be able to start up and run. For pods that are not in Running state, check the events using the following describe command.
napp-k describe pod <pod-name>
For jobs that are not successfully completed, check the logs using the following command.napp-k logs <pod-name>
In none of the provided solutions work, contact VMware support for further assistance.
