How Can I Conditionally Run a Preflight Check?

Question:

I only want to run a specific set of preflight checks when a customer is deploying my app versus when our engineers deploy it. How can I set my analyzers so they only run in certain situations?

Answer:

All analyzers and collectors support the exclude shared property. You can use this field to determine when to run any analyzer.

In the example below, we use the License Context in the exclude field to determine which container runtime to check for. In this case, if the License is a ‘paid/prod’ license it checks for Containerd. Otherwise, it checks for Docker.

apiVersion: troubleshoot.replicated.com/v1beta1
kind: Preflight
metadata:
  name: example-preflight-checks
spec:
  analyzers:
    - containerRuntime:
        exclude: 'repl{{ eq (LicenseFieldValue "licenseType" ) "prod" }}'
        outcomes:
          - pass:
              when: "== docker"
              message: Docker container runtime was found.
          - fail:
              message: Did not find Docker container runtime.
    - containerRuntime:
        exclude: 'repl{{ not ( eq (LicenseFieldValue "licenseType" ) "prod" ) }}'
        outcomes:
          - pass:
              when: "== containerd"
              message: Containerd container runtime was found.
          - fail:
              message: Did not find Docker container runtime.

I see some preflight checks for containerRuntime, distribution, and nodeResources failing when the installation has minimal RBAC rights.

Screenshot 2022-11-30 at 09.23.201035×510 26.6 KB

How can I exclude those checks when I don’t have required permissions?
Since the preflights actually fail with an error, this also leads to a bunch of nasty side effects, like an error message when saving config changes.