Run Preflight Checks using the CLI
Learn how to run preflight checks from the CLI
If you don't have preflight installed, you can check out the installation guide.
You can run preflight checks to verify that a cluster or host meets the application requirements attempting an installation. While this capability is built in to some applications, you can run preflight checks using the CLI.
Usage
To run, preflight needs a specification to understand what information to collect and what to do with that information. The specification can be a YAML file, or hosted at a URL, located in an OCI registry, or provided as stdin.
To use stdin, supply - as the argument.
Example usage:
./preflight https://raw.githubusercontent.com/replicatedhq/troubleshoot/main/examples/preflight/sample-preflight.yaml
kubectl preflight oci://my.oci.registry/image
./preflight my-preflight-spec.yaml
helm template mychart --values my-values.yaml | ./preflight -As of v0.69.0, valid input for specs can include:
- Documents of
kind: Preflight - Documents of
kind: Secretthat have the labeltroubleshoot.sh/kind: preflight
Multiple YAML "documents" (specs) are supported as input, in addition all documents other than the above supported will be filtered out. This allows feeding an entire set of manifests (eg. a full Helm chart) in, and preflight will take only the relevant specs.
preflight [url] [flags] [-]Options
| Flag | Type (if applicable) | Description |
|---|---|---|
--as |
string | Username to impersonate for the operation. User could be a regular user or a service account in a namespace. |
--as-group |
stringArray | Group to impersonate for the operation. This flag can be repeated to specify multiple groups. |
--as-uid |
string | UID to impersonate for the operation. |
--cache-dir |
string | Default cache directory. Default: ~/.kube/cache |
--certificate-authority |
string | Path to a certificate file for the certificate authority. |
--client-certificate |
string | Path to a client certificate file for TLS. |
--client-key |
string | Path to a client key file for TLS. |
--cluster |
string | The name of the kubeconfig cluster to use. |
--collect-without-permissions |
Always run preflight checks even if some require permissions that preflight does not have. Default: true |
|
--collector-image |
string | The full name of the collector image to use. |
--collector-pullpolicy |
string | The pull policy of the collector image. |
--context |
string | The name of the kubeconfig context to use. |
--cpuprofile |
string | File path to write CPU profiling data. |
--debug |
Enable debug logging. This is equivalent to --v=0. |
|
--disable-compression |
If true, opt-out of response compression for all requests to the server. |
|
--format |
string | Output format, one of human, json, yaml. Only used when interactive is set to false. Default: human |
-h, --help |
Help for preflight. | |
--insecure-skip-tls-verify |
If true, the server's certificate will not be checked for validity and your HTTPS connections will be insecure. |
|
--interactive |
Interactive preflights. Default: true |
|
--kubeconfig |
string | Path to the kubeconfig file to use for CLI requests. |
--memprofile |
string | File path to write memory profiling data. |
-n, --namespace |
string | If present, the namespace scope for this CLI request. |
-o, --output |
string | Specify the output file path for the preflight checks. |
--request-timeout |
string | The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit, such as 1s, 2m, 3h. A value of zero means that requests will not time out. Default: 0 |
--selector |
string | Selector (label query) to filter remote collection nodes on. |
-s, --server |
string | The address and port of the Kubernetes API server. |
--since |
string | Force pod logs collectors to return logs newer than a relative duration, such as 5s, 2m, or 3h. |
--since-time |
string | Force pod logs collectors to return logs after a specific date (RFC3339). |
--tls-server-name |
string | Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used. |
--token |
string | Bearer token for authentication to the API server. |
--user |
string | The name of the kubeconfig user to use. |
-v, --v |
level | Number for the log level verbosity. |