Here are my weekly notes:
Flow Connector
If you are using the VPC, you can track connections between your subnets and your VPC using Flow Connector.
❯ find . -name “*.gz” -exec gunzip {} \;
❯ grep -Rh 192.168.200.10 | jq -r ‘.flow_logs[] | select(.action == “rejected”) | “\(.initiator_ip),\(.target_ip),\(.target_port)”‘ | sort -u | grep 192.168.200.10
10.245.0.5,192.168.200.10,36416,2023-08-08T14:31:32Z
10.245.0.5,192.168.200.10,36430,2023-08-08T14:31:32Z
10.245.0.5,192.168.200.10,58894,2023-08-08T14:31:32Z
10.245.1.5,192.168.200.10,10250,2023-08-08T14:31:41Z
10.245.1.5,192.168.200.10,10250,2023-08-08T14:31:42Z
10.245.1.5,192.168.200.10,9100,2023-08-08T14:31:32Z
10.245.129.4,192.168.200.10,43524,2023-08-08T14:31:32Z
10.245.64.4,192.168.200.10,10250,2023-08-08T14:31:32Z
10.245.64.4,192.168.200.10,10250,2023-08-08T14:31:42Z
10.245.64.4,192.168.200.10,9100,2023-08-08T14:31:42Z
10.245.64.4,192.168.200.10,9537,2023-08-08T14:50:36Z
Image Pruner Reports Error….
You can check the image-registry status on the cluster operator.
❯ oc get co image-registry
image-registry 4.14.0-ec.4 True False True 3d14h ImagePrunerDegraded: Job has reached the specified backoff limit
The cronjob probably failed, so we can check that it exists.
❯ oc get cronjob -n openshift-image-registry
NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE
image-pruner 0 0 * * * False 0 16h 3d15h
We can run a one-off to clear the status above.
❯ oc create job --from=cronjob/image-pruner one-off-image-pruner -n openshift-image-registry
job.batch/one-off-image-pruner created
Then your image-registry should be a-ok.
Ref: https://gist.github.com/ryderdamen/73ff9f93cd61d5dd45a0c50032e3ae03
Leave a Reply