Skip to main content

Run Preflight Checks using the CLI

If you don't have preflight installed, you can check out the installation guide.

You can run preflight checks to verify that a cluster or host meets the application requirements attempting an installation. While this capability is built in to some applications, you can run preflight checks using the CLI.

Usage

To run, preflight needs a specification to understand what information to collect and what to do with that information. The specification can be a YAML file, or hosted at a URL, located in an OCI registry, or provided as stdin.

To use stdin, supply - as the argument.

Example usage:

./preflight https://raw.githubusercontent.com/replicatedhq/troubleshoot/main/examples/preflight/sample-preflight.yaml
kubectl preflight oci://my.oci.registry/image
./preflight my-preflight-spec.yaml
helm template mychart --values my-values.yaml | ./preflight -

As of v0.69.0, valid input for specs can include:

  • Documents of kind: Preflight
  • Documents of kind: Secret that have the label troubleshoot.sh/kind: preflight

Multiple YAML "documents" (specs) are supported as input, in addition all documents other than the above supported will be filtered out. This allows feeding an entire set of manifests (eg. a full Helm chart) in, and preflight will take only the relevant specs.

preflight [url] [flags] [-]

Options

FlagType (if applicable)Description
--asstringUsername to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-groupstringArrayGroup to impersonate for the operation. This flag can be repeated to specify multiple groups.
--as-uidstringUID to impersonate for the operation.
--cache-dirstringDefault cache directory. Default: ~/.kube/cache
--certificate-authoritystringPath to a certificate file for the certificate authority.
--client-certificatestringPath to a client certificate file for TLS.
--client-keystringPath to a client key file for TLS.
--clusterstringThe name of the kubeconfig cluster to use.
--collect-without-permissionsAlways run preflight checks even if some require permissions that preflight does not have. Default: true
--collector-imagestringThe full name of the collector image to use.
--collector-pullpolicystringThe pull policy of the collector image.
--contextstringThe name of the kubeconfig context to use.
--cpuprofilestringFile path to write CPU profiling data.
--debugEnable debug logging. This is equivalent to --v=0.
--disable-compressionIf true, opt-out of response compression for all requests to the server.
--formatstringOutput format, one of human, json, yaml. Only used when interactive is set to false. Default: human
-h, --helpHelp for preflight.
--insecure-skip-tls-verifyIf true, the server's certificate will not be checked for validity and your HTTPS connections will be insecure.
--interactiveInteractive preflights. Default: true
--kubeconfigstringPath to the kubeconfig file to use for CLI requests.
--memprofilestringFile path to write memory profiling data.
-n, --namespacestringIf present, the namespace scope for this CLI request.
-o, --outputstringSpecify the output file path for the preflight checks.
--request-timeoutstringThe length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit, such as 1s, 2m, 3h. A value of zero means that requests will not time out. Default: 0
--selectorstringSelector (label query) to filter remote collection nodes on.
-s, --serverstringThe address and port of the Kubernetes API server.
--sincestringForce pod logs collectors to return logs newer than a relative duration, such as 5s, 2m, or 3h.
--since-timestringForce pod logs collectors to return logs after a specific date (RFC3339).
--tls-server-namestringServer name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used.
--tokenstringBearer token for authentication to the API server.
--userstringThe name of the kubeconfig user to use.
-v, --vlevelNumber for the log level verbosity.