📘 Calico Precheck (ROSA + Calico Enterprise)

Description
A lightweight, read-only diagnostic collector to validate Red Hat OpenShift on AWS (ROSA) clusters before running a Calico Enterprise demo or proof-of-concept.

---

🎯 Purpose

The collector ensures your ROSA cluster meets system readiness for Calico Enterprise deployment.
It gathers non-sensitive metadata — no Secrets, ConfigMap data, or credentials — so Tigera engineers can confirm:

• Cluster version and operator health
• Node readiness and taints
• Network configuration and proxy status
• Presence of Calico / Tigera CRDs
• Namespace, event, and pod summaries

---

⚙️ Prerequisites

Before running the script, ensure:

• oc (OpenShift CLI) is installed
• jq and tar are installed
• You have read-only access (view or cluster-reader)
• You can successfully connect:

  oc whoami

---

🚀 Quick Start

Recommended (Enterprise‑friendly): Clone, review, and run

git clone https://github.com/tigera-solutions/rosa-ce-preflight.git

Downloads this repository to a local folder named rosa-ce-preflight.

cd rosa-ce-preflight

Moves into the repository directory so subsequent commands reference the included files.

bash scripts/collect-rosa-ce-support.sh

Runs the read-only collector script (no writes, no secrets). It will generate a timestamped tarball under ./output/.

Optional: make it executable and run directly

chmod +x scripts/collect-rosa-ce-support.sh
./scripts/collect-rosa-ce-support.sh

Expected output location:

output/calico-precheck-<cluster>-<timestamp>.tar.gz

This tarball contains read-only metadata and can safely be shared with Tigera for validation.

---

📁 Output Structure (inside the tarball)

calico-precheck-<cluster>-<timestamp>/
├── cluster/
├── openshift/
├── calico/
├── network/
└── summary.json

Each folder contains simple oc get and oc describe results — limited to non-sensitive data only.

---

🔒 Privacy & Security

• Performs only read-only (get, list, watch) operations
• Explicitly excludes:
  • Secrets and ConfigMap data
  • Pod environment variables
  • Credentials or audit logs
• If a command fails due to RBAC limits, the script continues gracefully and logs a small .err file

---

🧪 Validate Your Setup

Before running the collector, verify that the required commands are available:

which oc jq tar

If any are missing, install them using your OS package manager.

After successful execution, confirm the tarball exists in ./output:

ls -1 output/calico-precheck-*.tar.gz

Tip: You can override the output folder and keep the working directory with env vars:

OUTPUT_DIR=/tmp KEEP_WORKDIR=1 bash scripts/collect-rosa-ce-support.sh

---

📋 Example Readiness Checklist

☑️ oc, jq, and tar installed
☑️ Logged into target ROSA cluster
☑️ Verified read-only RBAC access
☑️ Collector executed successfully
☑️ Tarball generated in ./output and shared

---

🧩 Contributing

• Open a Pull Request to suggest new checks or improve output clarity
• All scripts are automatically linted using ShellCheck via GitHub Actions

---

🧠 Maintainers

Primary Contact:
Abhishek Rao — Solutions Architect, Tigera

Contributions welcome from the Calico Community.