From 89c256feff34a4309a49034f81a57ca364e7db6f Mon Sep 17 00:00:00 2001
From: Andrew Lavery <laverya@umich.edu>
Date: Fri, 31 Jan 2025 21:52:37 -0500
Subject: [PATCH] update TestHostPreflightCustomSpec to use real releases

---
 .github/workflows/ci.yaml                     |  12 ++
 .github/workflows/release-prod.yaml           |  12 ++
 e2e/install_test.go                           |  33 ++++-
 .../backup.yaml                               |  33 +++++
 .../cluster-config.yaml                       |  73 +++++++++++
 .../config.yaml                               |  13 ++
 .../deployment-2.yaml                         |  36 +++++
 .../deployment.yaml                           |  38 ++++++
 .../failing-preflights.yaml                   |  53 ++++++++
 .../k8s-app.yaml                              |  10 ++
 .../kots-app.yaml                             |  16 +++
 .../kots-lint-config.yaml                     |  90 +++++++++++++
 .../preflight.yaml                            |  17 +++
 .../restore.yaml                              |  27 ++++
 .../troubleshoot.yaml                         |   8 ++
 .../backup.yaml                               |  33 +++++
 .../cluster-config.yaml                       |  73 +++++++++++
 .../config.yaml                               |  13 ++
 .../deployment-2.yaml                         |  36 +++++
 .../deployment.yaml                           |  38 ++++++
 .../k8s-app.yaml                              |  10 ++
 .../kots-app.yaml                             |  16 +++
 .../kots-lint-config.yaml                     |  90 +++++++++++++
 .../preflight.yaml                            |  17 +++
 .../restore.yaml                              |  27 ++++
 .../troubleshoot.yaml                         |   8 ++
 .../warning-preflights.yaml                   |  53 ++++++++
 e2e/scripts/embedded-preflight.sh             | 124 +-----------------
 28 files changed, 881 insertions(+), 128 deletions(-)
 create mode 100644 e2e/kots-release-install-failing-preflights/backup.yaml
 create mode 100644 e2e/kots-release-install-failing-preflights/cluster-config.yaml
 create mode 100644 e2e/kots-release-install-failing-preflights/config.yaml
 create mode 100644 e2e/kots-release-install-failing-preflights/deployment-2.yaml
 create mode 100644 e2e/kots-release-install-failing-preflights/deployment.yaml
 create mode 100644 e2e/kots-release-install-failing-preflights/failing-preflights.yaml
 create mode 100644 e2e/kots-release-install-failing-preflights/k8s-app.yaml
 create mode 100644 e2e/kots-release-install-failing-preflights/kots-app.yaml
 create mode 100644 e2e/kots-release-install-failing-preflights/kots-lint-config.yaml
 create mode 100644 e2e/kots-release-install-failing-preflights/preflight.yaml
 create mode 100644 e2e/kots-release-install-failing-preflights/restore.yaml
 create mode 100644 e2e/kots-release-install-failing-preflights/troubleshoot.yaml
 create mode 100644 e2e/kots-release-install-warning-preflights/backup.yaml
 create mode 100644 e2e/kots-release-install-warning-preflights/cluster-config.yaml
 create mode 100644 e2e/kots-release-install-warning-preflights/config.yaml
 create mode 100644 e2e/kots-release-install-warning-preflights/deployment-2.yaml
 create mode 100644 e2e/kots-release-install-warning-preflights/deployment.yaml
 create mode 100644 e2e/kots-release-install-warning-preflights/k8s-app.yaml
 create mode 100644 e2e/kots-release-install-warning-preflights/kots-app.yaml
 create mode 100644 e2e/kots-release-install-warning-preflights/kots-lint-config.yaml
 create mode 100644 e2e/kots-release-install-warning-preflights/preflight.yaml
 create mode 100644 e2e/kots-release-install-warning-preflights/restore.yaml
 create mode 100644 e2e/kots-release-install-warning-preflights/troubleshoot.yaml
 create mode 100644 e2e/kots-release-install-warning-preflights/warning-preflights.yaml

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 762f9f48a..d3013f8d3 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -577,6 +577,18 @@ jobs:
           export APP_VERSION="appver-${SHORT_SHA}-unsupported-overrides"
           export RELEASE_YAML_DIR=e2e/kots-release-unsupported-overrides
           ./scripts/ci-release-app.sh
+          
+          # then install a version with additional failing host preflights
+          export EC_VERSION="$(git describe --tags --abbrev=4 --match='[0-9]*.[0-9]*.[0-9]*')"
+          export APP_VERSION="appver-${SHORT_SHA}-failing-preflights"
+          export RELEASE_YAML_DIR=e2e/kots-release-install-failing-preflights
+          ./scripts/ci-release-app.sh
+          
+          # then install a version with additional warning host preflights
+          export EC_VERSION="$(git describe --tags --abbrev=4 --match='[0-9]*.[0-9]*.[0-9]*')"
+          export APP_VERSION="appver-${SHORT_SHA}-warning-preflights"
+          export RELEASE_YAML_DIR=e2e/kots-release-install-warning-preflights
+          ./scripts/ci-release-app.sh
 
           # promote a release with improved dr support
           export EC_VERSION="$(git describe --tags --abbrev=4 --match='[0-9]*.[0-9]*.[0-9]*')-legacydr"
diff --git a/.github/workflows/release-prod.yaml b/.github/workflows/release-prod.yaml
index d03dd7f13..ad033bd1f 100644
--- a/.github/workflows/release-prod.yaml
+++ b/.github/workflows/release-prod.yaml
@@ -310,6 +310,18 @@ jobs:
           export APP_VERSION="appver-${SHORT_SHA}-unsupported-overrides"
           export RELEASE_YAML_DIR=e2e/kots-release-unsupported-overrides
           ./scripts/ci-release-app.sh
+          
+          # then install a version with additional failing host preflights
+          export EC_VERSION="$(git describe --tags --abbrev=4 --match='[0-9]*.[0-9]*.[0-9]*')"
+          export APP_VERSION="appver-${SHORT_SHA}-failing-preflights"
+          export RELEASE_YAML_DIR=e2e/kots-release-install-failing-preflights
+          ./scripts/ci-release-app.sh
+          
+          # then install a version with additional warning host preflights
+          export EC_VERSION="$(git describe --tags --abbrev=4 --match='[0-9]*.[0-9]*.[0-9]*')"
+          export APP_VERSION="appver-${SHORT_SHA}-warning-preflights"
+          export RELEASE_YAML_DIR=e2e/kots-release-install-warning-preflights
+          ./scripts/ci-release-app.sh
 
           # then a noop upgrade
           export EC_VERSION="${{ github.ref_name }}"
diff --git a/e2e/install_test.go b/e2e/install_test.go
index aea21a58d..35fbd6d88 100644
--- a/e2e/install_test.go
+++ b/e2e/install_test.go
@@ -281,12 +281,9 @@ func TestHostPreflightCustomSpec(t *testing.T) {
 	RequireEnvVars(t, []string{"SHORT_SHA"})
 
 	tc := docker.NewCluster(&docker.ClusterInput{
-		T:                    t,
-		Nodes:                1,
-		Distro:               "centos-9",
-		LicensePath:          "license.yaml",
-		ECBinaryPath:         "../output/bin/embedded-cluster",
-		ECReleaseBuilderPath: "../output/bin/embedded-cluster-release-builder",
+		T:      t,
+		Nodes:  1,
+		Distro: "centos-9",
 	})
 	defer tc.Cleanup()
 
@@ -296,6 +293,30 @@ func TestHostPreflightCustomSpec(t *testing.T) {
 		t.Fatalf("fail to install dependencies on node 0: %v: %s: %s", err, stdout, stderr)
 	}
 
+	t.Logf("%s: downloading failing-preflights embedded-cluster on node 0", time.Now().Format(time.RFC3339))
+	line = []string{"vandoor-prepare.sh", fmt.Sprintf("appver-%s-failing-preflights", os.Getenv("SHORT_SHA")), os.Getenv("LICENSE_ID"), "false"}
+	if stdout, stderr, err := tc.RunCommandOnNode(0, line); err != nil {
+		t.Fatalf("fail to download embedded-cluster on node 0: %v: %s: %s", err, stdout, stderr)
+	}
+
+	t.Logf("%s: moving embedded-cluster to /usr/local/bin/embedded-cluster-failing-preflights", time.Now().Format(time.RFC3339))
+	line = []string{"mv", "/usr/local/bin/embedded-cluster", "/usr/local/bin/embedded-cluster-failing-preflights"}
+	if stdout, stderr, err := tc.RunCommandOnNode(0, line); err != nil {
+		t.Fatalf("fail to move embedded-cluster on node 0: %v: %s: %s", err, stdout, stderr)
+	}
+
+	t.Logf("%s: removing the original license file", time.Now().Format(time.RFC3339))
+	line = []string{"rm", "/assets/license.yaml"}
+	if stdout, stderr, err := tc.RunCommandOnNode(0, line); err != nil {
+		t.Fatalf("fail to remove /assets/license.yaml on node 0: %v: %s: %s", err, stdout, stderr)
+	}
+
+	t.Logf("%s: downloading warning-preflights embedded-cluster on node 0", time.Now().Format(time.RFC3339))
+	line = []string{"vandoor-prepare.sh", fmt.Sprintf("appver-%s-warning-preflights", os.Getenv("SHORT_SHA")), os.Getenv("LICENSE_ID"), "false"}
+	if stdout, stderr, err := tc.RunCommandOnNode(0, line); err != nil {
+		t.Fatalf("fail to download embedded-cluster on node 0: %v: %s: %s", err, stdout, stderr)
+	}
+
 	t.Logf("%s: running embedded-cluster preflights on node 0", time.Now().Format(time.RFC3339))
 	line = []string{"embedded-preflight.sh"}
 	if stdout, stderr, err := tc.RunCommandOnNode(0, line); err != nil {
diff --git a/e2e/kots-release-install-failing-preflights/backup.yaml b/e2e/kots-release-install-failing-preflights/backup.yaml
new file mode 100644
index 000000000..e18a780d4
--- /dev/null
+++ b/e2e/kots-release-install-failing-preflights/backup.yaml
@@ -0,0 +1,33 @@
+apiVersion: velero.io/v1
+kind: Backup
+metadata:
+  name: backup
+  annotations:
+    preserve: me
+spec:
+  ttl: 36h0m0s
+  includedNamespaces:
+  - kotsadm
+  orLabelSelectors:
+  - matchExpressions:
+    - { key: kots.io/kotsadm, operator: NotIn, values: ["true"] }
+  hooks:
+    resources:
+    - name: test-hook
+      includedResources:
+      - 'pods'
+      labelSelector:
+        matchLabels:
+          app: example
+          component: nginx
+      pre:
+      - exec:
+          container: nginx
+          command:
+          - /bin/uname
+          - -a
+      post:
+      - exec:
+          command:
+           - /bin/uname
+           - -a
diff --git a/e2e/kots-release-install-failing-preflights/cluster-config.yaml b/e2e/kots-release-install-failing-preflights/cluster-config.yaml
new file mode 100644
index 000000000..8843dfc54
--- /dev/null
+++ b/e2e/kots-release-install-failing-preflights/cluster-config.yaml
@@ -0,0 +1,73 @@
+apiVersion: embeddedcluster.replicated.com/v1beta1
+kind: Config
+metadata:
+  name: "testconfig"
+spec:
+  version: "__version_string__"
+  binaryOverrideUrl: "__release_url__"
+  metadataOverrideUrl: "__metadata_url__"
+  roles:
+    controller:
+      labels:
+        controller-label: controller-label-value
+      name: controller-test
+    custom:
+      - labels:
+          abc-test-label: abc-test-label-value
+          abc-test-label-two: abc-test-label-value-2
+        name: abc
+      - labels:
+          xyz-test-label: xyz-value
+        name: xyz
+  unsupportedOverrides:
+    builtInExtensions:
+      - name: admin-console
+        values: |
+          labels:
+            release-custom-label: release-clustom-value
+      - name: embedded-cluster-operator
+        values: |
+          global:
+            labels:
+              release-custom-label: release-clustom-value
+    k0s: |
+      config:
+        metadata:
+          name: foo
+        spec:
+          telemetry:
+            enabled: false
+  extensions:
+    helm:
+      repositories:
+        - name: ingress-nginx
+          url: https://kubernetes.github.io/ingress-nginx
+        - name: okgolove
+          url: https://okgolove.github.io/helm-charts/
+      charts:
+        - name: ingress-nginx
+          chartname: ingress-nginx/ingress-nginx
+          namespace: ingress-nginx
+          version: "4.11.3"
+          values: |
+            controller:
+              service:
+                type: NodePort
+                nodePorts:
+                  http: "80"
+                  https: "443"
+              image:
+                digest: ""
+                digestChroot: ""
+              admissionWebhooks:
+                patch:
+                  image:
+                    digest: ""
+        - chartname: okgolove/goldpinger
+          name: goldpinger
+          namespace: goldpinger
+          version: 6.1.2
+          order: 11
+          values: |
+            image:
+              repository: proxy.replicated.com/anonymous/bloomberg/goldpinger
diff --git a/e2e/kots-release-install-failing-preflights/config.yaml b/e2e/kots-release-install-failing-preflights/config.yaml
new file mode 100644
index 000000000..f1c98e69a
--- /dev/null
+++ b/e2e/kots-release-install-failing-preflights/config.yaml
@@ -0,0 +1,13 @@
+apiVersion: kots.io/v1beta1
+kind: Config
+spec:
+  groups:
+    - name: config_group
+      title: The First Config Group
+      items:
+        - name: hostname
+          title: Hostname
+          type: text
+        - name: pw
+          title: Password
+          type: password
diff --git a/e2e/kots-release-install-failing-preflights/deployment-2.yaml b/e2e/kots-release-install-failing-preflights/deployment-2.yaml
new file mode 100644
index 000000000..2d46ae54c
--- /dev/null
+++ b/e2e/kots-release-install-failing-preflights/deployment-2.yaml
@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: second
+  labels:
+    app: second
+    replicated.com/disaster-recovery: app
+spec:
+  replicas: 0
+  selector:
+    matchLabels:
+      app: second
+  template:
+    metadata:
+      labels:
+        app: second
+    spec:
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - weight: 100
+              podAffinityTerm:
+                labelSelector:
+                  matchExpressions:
+                    - key: app
+                      operator: In
+                      values:
+                        - second
+                topologyKey: "kubernetes.io/hostname"
+      containers:
+        - name: nginx
+          image: proxy.replicated.com/anonymous/nginx:1.24-alpine
+          resources:
+            limits:
+              memory: '32Mi'
+              cpu: '50m'
diff --git a/e2e/kots-release-install-failing-preflights/deployment.yaml b/e2e/kots-release-install-failing-preflights/deployment.yaml
new file mode 100644
index 000000000..27fd581fd
--- /dev/null
+++ b/e2e/kots-release-install-failing-preflights/deployment.yaml
@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx
+  labels:
+    app: example
+    component: nginx
+    replicated.com/disaster-recovery: app
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: example
+      component: nginx
+  template:
+    metadata:
+      labels:
+        app: example
+        component: nginx
+    spec:
+      containers:
+        - name: nginx
+          image: proxy.replicated.com/anonymous/nginx:1.24-alpine
+          resources:
+            limits:
+              memory: '64Mi'
+              cpu: '50m'
+          env:
+            - name: APP_SEQUENCE
+              value: "{{repl Cursor }}"
+            - name: APP_VERSION
+              value: "{{repl VersionLabel }}"
+            - name: APP_CHANNEL
+              value: "{{repl ChannelName }}"
+            - name: CONFIG_HOSTNAME
+              value: '{{repl ConfigOption "hostname" }}'
+            - name: CONFIG_PASSWORD
+              value: '{{repl ConfigOption "pw" }}'
diff --git a/e2e/kots-release-install-failing-preflights/failing-preflights.yaml b/e2e/kots-release-install-failing-preflights/failing-preflights.yaml
new file mode 100644
index 000000000..5c83e31ac
--- /dev/null
+++ b/e2e/kots-release-install-failing-preflights/failing-preflights.yaml
@@ -0,0 +1,53 @@
+apiVersion: troubleshoot.sh/v1beta2
+kind: HostPreflight
+spec:
+  collectors:
+    - tcpPortStatus:
+        collectorName: Port 24
+        port: 24
+    - tcpPortStatus:
+        collectorName: Port 22
+        port: 22
+  analyzers:
+    - tcpPortStatus:
+        checkName: Port 24
+        collectorName: Port 24
+        outcomes:
+          - fail:
+              when: connection-refused
+              message: Connection to port 24 was refused.
+          - warn:
+              when: address-in-use
+              message: Another process was already listening on port 24.
+          - fail:
+              when: connection-timeout
+              message: Timed out connecting to port 24.
+          - fail:
+              when: error
+              message: Unexpected port status
+          - pass:
+              when: connected
+              message: Port 24 is available
+          - warn:
+              message: Unexpected port status
+    - tcpPortStatus:
+        checkName: Port 22
+        collectorName: Port 22
+        outcomes:
+          - fail:
+              when: connection-refused
+              message: Connection to port 22 was refused.
+          - fail:
+              when: address-in-use
+              message: Another process was already listening on port 22.
+          - fail:
+              when: connection-timeout
+              message: Timed out connecting to port 22.
+          - fail:
+              when: error
+              message: Unexpected port status
+          - pass:
+              when: connected
+              message: Port 22 is available
+          - warn:
+              message: Unexpected port status
diff --git a/e2e/kots-release-install-failing-preflights/k8s-app.yaml b/e2e/kots-release-install-failing-preflights/k8s-app.yaml
new file mode 100644
index 000000000..c5f625eae
--- /dev/null
+++ b/e2e/kots-release-install-failing-preflights/k8s-app.yaml
@@ -0,0 +1,10 @@
+apiVersion: app.k8s.io/v1beta1
+kind: Application
+metadata:
+  name: "nginx"
+spec:
+  descriptor:
+    links:
+      - description: Open App
+        # needs to match applicationUrl in kots-app.yaml
+        url: "http://nginx"
diff --git a/e2e/kots-release-install-failing-preflights/kots-app.yaml b/e2e/kots-release-install-failing-preflights/kots-app.yaml
new file mode 100644
index 000000000..2cb389bb8
--- /dev/null
+++ b/e2e/kots-release-install-failing-preflights/kots-app.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: kots.io/v1beta1
+kind: Application
+metadata:
+  name: nginx
+spec:
+  title: Embedded Cluster Smoke Test Staging App
+  icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/kubernetes/icon/color/kubernetes-icon-color.png
+  allowRollback: true
+  statusInformers:
+    - deployment/nginx
+  ports:
+    - serviceName: "nginx"
+      servicePort: 80
+      localPort: 8888
+      applicationUrl: "http://nginx"
diff --git a/e2e/kots-release-install-failing-preflights/kots-lint-config.yaml b/e2e/kots-release-install-failing-preflights/kots-lint-config.yaml
new file mode 100644
index 000000000..ba99c8b92
--- /dev/null
+++ b/e2e/kots-release-install-failing-preflights/kots-lint-config.yaml
@@ -0,0 +1,90 @@
+apiVersion: kots.io/v1beta1
+kind: LintConfig
+metadata:
+  name: default-lint-config
+spec:
+  rules:
+    - name: missing-kind-field
+      level: "error"
+    - name: missing-api-version-field
+      level: "error"
+    - name: preflight-spec
+      level: "warn"
+    - name: config-spec
+      level: "warn"
+    - name: troubleshoot-spec
+      level: "warn"
+    - name: application-spec
+      level: "warn"
+    - name: application-icon
+      level: "warn"
+    - name: application-statusInformers
+      level: "warn"
+    - name: invalid-target-kots-version
+      level: "error"
+    - name: invalid-min-kots-version
+      level: "error"
+    - name: invalid-kubernetes-installer
+      level: "error"
+    - name: deprecated-kubernetes-installer-version
+      level: "warn"
+    - name: duplicate-kots-kind
+      level: "error"
+    - name: invalid-helm-release-name
+      level: "error"
+    - name: duplicate-helm-release-name
+      level: "error"
+    - name: replicas-1
+      level: "info"
+    - name: privileged
+      level: "info"
+    - name: allow-privilege-escalation
+      level: "info"
+    - name: container-image-latest-tag
+      level: "info"
+    - name: container-image-local-image-name
+      level: "error"
+    - name: container-resources
+      level: "info"
+    - name: container-resource-limits
+      level: "info"
+    - name: container-resource-requests
+      level: "info"
+    - name: resource-limits-cpu
+      level: "info"
+    - name: resource-limits-memory
+      level: "info"
+    - name: resource-requests-cpu
+      level: "info"
+    - name: resource-requests-memory
+      level: "info"
+    - name: volumes-host-paths
+      level: "info"
+    - name: volume-docker-sock
+      level: "info"
+    - name: hardcoded-namespace
+      level: "info"
+    - name: may-contain-secrets
+      level: "info"
+    - name: config-option-invalid-type
+      level: "error"
+    - name: repeat-option-missing-template
+      level: "error"
+    - name: repeat-option-missing-valuesByGroup
+      level: "error"
+    - name: repeat-option-malformed-yamlpath
+      level: "error"
+    - name: config-option-password-type
+      level: "warn"
+    - name: config-option-not-found
+      level: "warn"
+    - name: config-option-is-circular
+      level: "error"
+    - name: config-option-not-repeatable
+      level: "error"
+    - name: config-option-when-is-invalid
+      level: "error"
+    - name: config-option-invalid-regex-validator
+      level: "error"
+    - name: config-option-regex-validator-invalid-type
+      level: "error"
diff --git a/e2e/kots-release-install-failing-preflights/preflight.yaml b/e2e/kots-release-install-failing-preflights/preflight.yaml
new file mode 100644
index 000000000..31caea1d2
--- /dev/null
+++ b/e2e/kots-release-install-failing-preflights/preflight.yaml
@@ -0,0 +1,17 @@
+apiVersion: troubleshoot.replicated.com/v1beta1
+kind: Preflight
+metadata:
+  name: preflight-checks
+spec:
+  collectors:
+    - clusterInfo: {}
+    - clusterResources: {}
+  analyzers:
+    - customResourceDefinition:
+        customResourceDefinitionName: volumesnapshots.snapshot.storage.k8s.io
+        checkName: The Volume Snapshots CRD exists
+        outcomes:
+          - fail:
+              message: The Volume Snapshots CRD does not exist.
+          - pass:
+              message: The Volume Snapshots CRD exists.
diff --git a/e2e/kots-release-install-failing-preflights/restore.yaml b/e2e/kots-release-install-failing-preflights/restore.yaml
new file mode 100644
index 000000000..ec09f95fa
--- /dev/null
+++ b/e2e/kots-release-install-failing-preflights/restore.yaml
@@ -0,0 +1,27 @@
+apiVersion: velero.io/v1
+kind: Restore
+metadata:
+  name: restore
+  annotations:
+    preserve: me
+spec:
+  backupName: backup
+  includedNamespaces:
+  - '*'
+  hooks:
+    resources:
+    - name: restore-hook-1
+      includedNamespaces:
+      - kotsadm
+      labelSelector:
+        matchLabels:
+          app: example
+      postHooks:
+      - init:
+          initContainers:
+          - name: restore-hook-init1
+            image: proxy.replicated.com/anonymous/nginx:1.24-alpine
+            command:
+            - /bin/ash
+            - -c
+            - echo -n "FOOBARBAZ" > /tmp/foobarbaz
diff --git a/e2e/kots-release-install-failing-preflights/troubleshoot.yaml b/e2e/kots-release-install-failing-preflights/troubleshoot.yaml
new file mode 100644
index 000000000..e817502d6
--- /dev/null
+++ b/e2e/kots-release-install-failing-preflights/troubleshoot.yaml
@@ -0,0 +1,8 @@
+apiVersion: troubleshoot.sh/v1beta2
+kind: SupportBundle
+metadata:
+  name: preflight-checks
+spec:
+  collectors:
+    - clusterInfo: {}
+    - clusterResources: {}
diff --git a/e2e/kots-release-install-warning-preflights/backup.yaml b/e2e/kots-release-install-warning-preflights/backup.yaml
new file mode 100644
index 000000000..e18a780d4
--- /dev/null
+++ b/e2e/kots-release-install-warning-preflights/backup.yaml
@@ -0,0 +1,33 @@
+apiVersion: velero.io/v1
+kind: Backup
+metadata:
+  name: backup
+  annotations:
+    preserve: me
+spec:
+  ttl: 36h0m0s
+  includedNamespaces:
+  - kotsadm
+  orLabelSelectors:
+  - matchExpressions:
+    - { key: kots.io/kotsadm, operator: NotIn, values: ["true"] }
+  hooks:
+    resources:
+    - name: test-hook
+      includedResources:
+      - 'pods'
+      labelSelector:
+        matchLabels:
+          app: example
+          component: nginx
+      pre:
+      - exec:
+          container: nginx
+          command:
+          - /bin/uname
+          - -a
+      post:
+      - exec:
+          command:
+           - /bin/uname
+           - -a
diff --git a/e2e/kots-release-install-warning-preflights/cluster-config.yaml b/e2e/kots-release-install-warning-preflights/cluster-config.yaml
new file mode 100644
index 000000000..8843dfc54
--- /dev/null
+++ b/e2e/kots-release-install-warning-preflights/cluster-config.yaml
@@ -0,0 +1,73 @@
+apiVersion: embeddedcluster.replicated.com/v1beta1
+kind: Config
+metadata:
+  name: "testconfig"
+spec:
+  version: "__version_string__"
+  binaryOverrideUrl: "__release_url__"
+  metadataOverrideUrl: "__metadata_url__"
+  roles:
+    controller:
+      labels:
+        controller-label: controller-label-value
+      name: controller-test
+    custom:
+      - labels:
+          abc-test-label: abc-test-label-value
+          abc-test-label-two: abc-test-label-value-2
+        name: abc
+      - labels:
+          xyz-test-label: xyz-value
+        name: xyz
+  unsupportedOverrides:
+    builtInExtensions:
+      - name: admin-console
+        values: |
+          labels:
+            release-custom-label: release-clustom-value
+      - name: embedded-cluster-operator
+        values: |
+          global:
+            labels:
+              release-custom-label: release-clustom-value
+    k0s: |
+      config:
+        metadata:
+          name: foo
+        spec:
+          telemetry:
+            enabled: false
+  extensions:
+    helm:
+      repositories:
+        - name: ingress-nginx
+          url: https://kubernetes.github.io/ingress-nginx
+        - name: okgolove
+          url: https://okgolove.github.io/helm-charts/
+      charts:
+        - name: ingress-nginx
+          chartname: ingress-nginx/ingress-nginx
+          namespace: ingress-nginx
+          version: "4.11.3"
+          values: |
+            controller:
+              service:
+                type: NodePort
+                nodePorts:
+                  http: "80"
+                  https: "443"
+              image:
+                digest: ""
+                digestChroot: ""
+              admissionWebhooks:
+                patch:
+                  image:
+                    digest: ""
+        - chartname: okgolove/goldpinger
+          name: goldpinger
+          namespace: goldpinger
+          version: 6.1.2
+          order: 11
+          values: |
+            image:
+              repository: proxy.replicated.com/anonymous/bloomberg/goldpinger
diff --git a/e2e/kots-release-install-warning-preflights/config.yaml b/e2e/kots-release-install-warning-preflights/config.yaml
new file mode 100644
index 000000000..f1c98e69a
--- /dev/null
+++ b/e2e/kots-release-install-warning-preflights/config.yaml
@@ -0,0 +1,13 @@
+apiVersion: kots.io/v1beta1
+kind: Config
+spec:
+  groups:
+    - name: config_group
+      title: The First Config Group
+      items:
+        - name: hostname
+          title: Hostname
+          type: text
+        - name: pw
+          title: Password
+          type: password
diff --git a/e2e/kots-release-install-warning-preflights/deployment-2.yaml b/e2e/kots-release-install-warning-preflights/deployment-2.yaml
new file mode 100644
index 000000000..2d46ae54c
--- /dev/null
+++ b/e2e/kots-release-install-warning-preflights/deployment-2.yaml
@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: second
+  labels:
+    app: second
+    replicated.com/disaster-recovery: app
+spec:
+  replicas: 0
+  selector:
+    matchLabels:
+      app: second
+  template:
+    metadata:
+      labels:
+        app: second
+    spec:
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - weight: 100
+              podAffinityTerm:
+                labelSelector:
+                  matchExpressions:
+                    - key: app
+                      operator: In
+                      values:
+                        - second
+                topologyKey: "kubernetes.io/hostname"
+      containers:
+        - name: nginx
+          image: proxy.replicated.com/anonymous/nginx:1.24-alpine
+          resources:
+            limits:
+              memory: '32Mi'
+              cpu: '50m'
diff --git a/e2e/kots-release-install-warning-preflights/deployment.yaml b/e2e/kots-release-install-warning-preflights/deployment.yaml
new file mode 100644
index 000000000..27fd581fd
--- /dev/null
+++ b/e2e/kots-release-install-warning-preflights/deployment.yaml
@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx
+  labels:
+    app: example
+    component: nginx
+    replicated.com/disaster-recovery: app
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: example
+      component: nginx
+  template:
+    metadata:
+      labels:
+        app: example
+        component: nginx
+    spec:
+      containers:
+        - name: nginx
+          image: proxy.replicated.com/anonymous/nginx:1.24-alpine
+          resources:
+            limits:
+              memory: '64Mi'
+              cpu: '50m'
+          env:
+            - name: APP_SEQUENCE
+              value: "{{repl Cursor }}"
+            - name: APP_VERSION
+              value: "{{repl VersionLabel }}"
+            - name: APP_CHANNEL
+              value: "{{repl ChannelName }}"
+            - name: CONFIG_HOSTNAME
+              value: '{{repl ConfigOption "hostname" }}'
+            - name: CONFIG_PASSWORD
+              value: '{{repl ConfigOption "pw" }}'
diff --git a/e2e/kots-release-install-warning-preflights/k8s-app.yaml b/e2e/kots-release-install-warning-preflights/k8s-app.yaml
new file mode 100644
index 000000000..c5f625eae
--- /dev/null
+++ b/e2e/kots-release-install-warning-preflights/k8s-app.yaml
@@ -0,0 +1,10 @@
+apiVersion: app.k8s.io/v1beta1
+kind: Application
+metadata:
+  name: "nginx"
+spec:
+  descriptor:
+    links:
+      - description: Open App
+        # needs to match applicationUrl in kots-app.yaml
+        url: "http://nginx"
diff --git a/e2e/kots-release-install-warning-preflights/kots-app.yaml b/e2e/kots-release-install-warning-preflights/kots-app.yaml
new file mode 100644
index 000000000..2cb389bb8
--- /dev/null
+++ b/e2e/kots-release-install-warning-preflights/kots-app.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: kots.io/v1beta1
+kind: Application
+metadata:
+  name: nginx
+spec:
+  title: Embedded Cluster Smoke Test Staging App
+  icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/kubernetes/icon/color/kubernetes-icon-color.png
+  allowRollback: true
+  statusInformers:
+    - deployment/nginx
+  ports:
+    - serviceName: "nginx"
+      servicePort: 80
+      localPort: 8888
+      applicationUrl: "http://nginx"
diff --git a/e2e/kots-release-install-warning-preflights/kots-lint-config.yaml b/e2e/kots-release-install-warning-preflights/kots-lint-config.yaml
new file mode 100644
index 000000000..ba99c8b92
--- /dev/null
+++ b/e2e/kots-release-install-warning-preflights/kots-lint-config.yaml
@@ -0,0 +1,90 @@
+apiVersion: kots.io/v1beta1
+kind: LintConfig
+metadata:
+  name: default-lint-config
+spec:
+  rules:
+    - name: missing-kind-field
+      level: "error"
+    - name: missing-api-version-field
+      level: "error"
+    - name: preflight-spec
+      level: "warn"
+    - name: config-spec
+      level: "warn"
+    - name: troubleshoot-spec
+      level: "warn"
+    - name: application-spec
+      level: "warn"
+    - name: application-icon
+      level: "warn"
+    - name: application-statusInformers
+      level: "warn"
+    - name: invalid-target-kots-version
+      level: "error"
+    - name: invalid-min-kots-version
+      level: "error"
+    - name: invalid-kubernetes-installer
+      level: "error"
+    - name: deprecated-kubernetes-installer-version
+      level: "warn"
+    - name: duplicate-kots-kind
+      level: "error"
+    - name: invalid-helm-release-name
+      level: "error"
+    - name: duplicate-helm-release-name
+      level: "error"
+    - name: replicas-1
+      level: "info"
+    - name: privileged
+      level: "info"
+    - name: allow-privilege-escalation
+      level: "info"
+    - name: container-image-latest-tag
+      level: "info"
+    - name: container-image-local-image-name
+      level: "error"
+    - name: container-resources
+      level: "info"
+    - name: container-resource-limits
+      level: "info"
+    - name: container-resource-requests
+      level: "info"
+    - name: resource-limits-cpu
+      level: "info"
+    - name: resource-limits-memory
+      level: "info"
+    - name: resource-requests-cpu
+      level: "info"
+    - name: resource-requests-memory
+      level: "info"
+    - name: volumes-host-paths
+      level: "info"
+    - name: volume-docker-sock
+      level: "info"
+    - name: hardcoded-namespace
+      level: "info"
+    - name: may-contain-secrets
+      level: "info"
+    - name: config-option-invalid-type
+      level: "error"
+    - name: repeat-option-missing-template
+      level: "error"
+    - name: repeat-option-missing-valuesByGroup
+      level: "error"
+    - name: repeat-option-malformed-yamlpath
+      level: "error"
+    - name: config-option-password-type
+      level: "warn"
+    - name: config-option-not-found
+      level: "warn"
+    - name: config-option-is-circular
+      level: "error"
+    - name: config-option-not-repeatable
+      level: "error"
+    - name: config-option-when-is-invalid
+      level: "error"
+    - name: config-option-invalid-regex-validator
+      level: "error"
+    - name: config-option-regex-validator-invalid-type
+      level: "error"
diff --git a/e2e/kots-release-install-warning-preflights/preflight.yaml b/e2e/kots-release-install-warning-preflights/preflight.yaml
new file mode 100644
index 000000000..31caea1d2
--- /dev/null
+++ b/e2e/kots-release-install-warning-preflights/preflight.yaml
@@ -0,0 +1,17 @@
+apiVersion: troubleshoot.replicated.com/v1beta1
+kind: Preflight
+metadata:
+  name: preflight-checks
+spec:
+  collectors:
+    - clusterInfo: {}
+    - clusterResources: {}
+  analyzers:
+    - customResourceDefinition:
+        customResourceDefinitionName: volumesnapshots.snapshot.storage.k8s.io
+        checkName: The Volume Snapshots CRD exists
+        outcomes:
+          - fail:
+              message: The Volume Snapshots CRD does not exist.
+          - pass:
+              message: The Volume Snapshots CRD exists.
diff --git a/e2e/kots-release-install-warning-preflights/restore.yaml b/e2e/kots-release-install-warning-preflights/restore.yaml
new file mode 100644
index 000000000..ec09f95fa
--- /dev/null
+++ b/e2e/kots-release-install-warning-preflights/restore.yaml
@@ -0,0 +1,27 @@
+apiVersion: velero.io/v1
+kind: Restore
+metadata:
+  name: restore
+  annotations:
+    preserve: me
+spec:
+  backupName: backup
+  includedNamespaces:
+  - '*'
+  hooks:
+    resources:
+    - name: restore-hook-1
+      includedNamespaces:
+      - kotsadm
+      labelSelector:
+        matchLabels:
+          app: example
+      postHooks:
+      - init:
+          initContainers:
+          - name: restore-hook-init1
+            image: proxy.replicated.com/anonymous/nginx:1.24-alpine
+            command:
+            - /bin/ash
+            - -c
+            - echo -n "FOOBARBAZ" > /tmp/foobarbaz
diff --git a/e2e/kots-release-install-warning-preflights/troubleshoot.yaml b/e2e/kots-release-install-warning-preflights/troubleshoot.yaml
new file mode 100644
index 000000000..e817502d6
--- /dev/null
+++ b/e2e/kots-release-install-warning-preflights/troubleshoot.yaml
@@ -0,0 +1,8 @@
+apiVersion: troubleshoot.sh/v1beta2
+kind: SupportBundle
+metadata:
+  name: preflight-checks
+spec:
+  collectors:
+    - clusterInfo: {}
+    - clusterResources: {}
diff --git a/e2e/kots-release-install-warning-preflights/warning-preflights.yaml b/e2e/kots-release-install-warning-preflights/warning-preflights.yaml
new file mode 100644
index 000000000..5baa58229
--- /dev/null
+++ b/e2e/kots-release-install-warning-preflights/warning-preflights.yaml
@@ -0,0 +1,53 @@
+apiVersion: troubleshoot.sh/v1beta2
+kind: HostPreflight
+spec:
+  collectors:
+    - tcpPortStatus:
+        collectorName: Port 24
+        port: 24
+    - tcpPortStatus:
+        collectorName: Port 22
+        port: 22
+  analyzers:
+    - tcpPortStatus:
+        checkName: Port 24
+        collectorName: Port 24
+        outcomes:
+          - fail:
+              when: connection-refused
+              message: Connection to port 24 was refused.
+          - warn:
+              when: address-in-use
+              message: Another process was already listening on port 24.
+          - fail:
+              when: connection-timeout
+              message: Timed out connecting to port 24.
+          - fail:
+              when: error
+              message: Unexpected port status
+          - pass:
+              when: connected
+              message: Port 24 is available
+          - warn:
+              message: Unexpected port status
+    - tcpPortStatus:
+        checkName: Port 22
+        collectorName: Port 22
+        outcomes:
+          - fail:
+              when: connection-refused
+              message: Connection to port 22 was refused.
+          - warn:
+              when: address-in-use
+              message: Another process was already listening on port 22.
+          - fail:
+              when: connection-timeout
+              message: Timed out connecting to port 22.
+          - fail:
+              when: error
+              message: Unexpected port status
+          - pass:
+              when: connected
+              message: Port 22 is available
+          - warn:
+              message: Unexpected port status
diff --git a/e2e/scripts/embedded-preflight.sh b/e2e/scripts/embedded-preflight.sh
index c7de17640..0b21e879c 100755
--- a/e2e/scripts/embedded-preflight.sh
+++ b/e2e/scripts/embedded-preflight.sh
@@ -4,125 +4,6 @@ set -euox pipefail
 DIR=/usr/local/bin
 . $DIR/common.sh
 
-preflight_with_failure="
-apiVersion: troubleshoot.sh/v1beta2
-kind: HostPreflight
-spec:
-  collectors:
-    - tcpPortStatus:
-        collectorName: Port 24
-        port: 24
-    - tcpPortStatus:
-        collectorName: Port 22
-        port: 22
-  analyzers:
-    - tcpPortStatus:
-        checkName: Port 24
-        collectorName: Port 24
-        outcomes:
-          - fail:
-              when: connection-refused
-              message: Connection to port 24 was refused.
-          - warn:
-              when: address-in-use
-              message: Another process was already listening on port 24.
-          - fail:
-              when: connection-timeout
-              message: Timed out connecting to port 24.
-          - fail:
-              when: error
-              message: Unexpected port status
-          - pass:
-              when: connected
-              message: Port 24 is available
-          - warn:
-              message: Unexpected port status
-    - tcpPortStatus:
-        checkName: Port 22
-        collectorName: Port 22
-        outcomes:
-          - fail:
-              when: connection-refused
-              message: Connection to port 22 was refused.
-          - fail:
-              when: address-in-use
-              message: Another process was already listening on port 22.
-          - fail:
-              when: connection-timeout
-              message: Timed out connecting to port 22.
-          - fail:
-              when: error
-              message: Unexpected port status
-          - pass:
-              when: connected
-              message: Port 22 is available
-          - warn:
-              message: Unexpected port status
-"
-
-preflight_with_warning="
-apiVersion: troubleshoot.sh/v1beta2
-kind: HostPreflight
-spec:
-  collectors:
-    - tcpPortStatus:
-        collectorName: Port 24
-        port: 24
-    - tcpPortStatus:
-        collectorName: Port 22
-        port: 22
-  analyzers:
-    - tcpPortStatus:
-        checkName: Port 24
-        collectorName: Port 24
-        outcomes:
-          - fail:
-              when: connection-refused
-              message: Connection to port 24 was refused.
-          - warn:
-              when: address-in-use
-              message: Another process was already listening on port 24.
-          - fail:
-              when: connection-timeout
-              message: Timed out connecting to port 24.
-          - fail:
-              when: error
-              message: Unexpected port status
-          - pass:
-              when: connected
-              message: Port 24 is available
-          - warn:
-              message: Unexpected port status
-    - tcpPortStatus:
-        checkName: Port 22
-        collectorName: Port 22
-        outcomes:
-          - fail:
-              when: connection-refused
-              message: Connection to port 22 was refused.
-          - warn:
-              when: address-in-use
-              message: Another process was already listening on port 22.
-          - fail:
-              when: connection-timeout
-              message: Timed out connecting to port 22.
-          - fail:
-              when: error
-              message: Unexpected port status
-          - pass:
-              when: connected
-              message: Port 22 is available
-          - warn:
-              message: Unexpected port status
-"
-
-embed_preflight() {
-    content="$1"
-    rm -rf /root/preflight*
-    echo "$content" > /root/preflight.yaml
-    tar -czvf /root/preflight.tar.gz /root/preflight.yaml
-    embedded-cluster-release-builder /usr/local/bin/embedded-cluster /root/preflight.tar.gz /usr/local/bin/embedded-cluster
-}
 
 has_applied_host_preflight() {
     if ! grep -q "Another process was already listening on port 22" /tmp/log ; then
@@ -131,8 +12,7 @@ has_applied_host_preflight() {
 }
 
 main() {
-    embed_preflight "$preflight_with_failure"
-    if /usr/local/bin/embedded-cluster install --yes --license /assets/license.yaml 2>&1 | tee /tmp/log ; then
+    if /usr/local/bin/embedded-cluster-failing-preflights install --yes --license /assets/license.yaml 2>&1 | tee /tmp/log ; then
         cat /tmp/log
         echo "preflight_with_failure: Expected installation to fail"
         exit 1
@@ -149,8 +29,8 @@ main() {
     fi
     rm "${EMBEDDED_CLUSTER_BASE_DIR}/support/host-preflight-results.json"
     mv /tmp/log /tmp/log-failure
+
     # Warnings should not fail installations
-    embed_preflight "$preflight_with_warning"
     if ! /usr/local/bin/embedded-cluster install run-preflights --yes 2>&1 | tee /tmp/log ; then
         cat /etc/os-release
         echo "preflight_with_warning: Failed to run embedded-cluster preflights"