Overview
After analyzing the quickstart process (deployments/quick-start/), here are identified improvements organized by priority.

The current flow:
--network=host and Docker socket mounted
entrypoint.sh sets up Docker socket permissions and switches to wso2-amp user
./install.sh (13 steps, ~15-20 min)

P0 — Reliability / Fail-fast
1. Bundle remote YAML files into the Docker image
The script fetches multiple YAML configs from GitHub raw URLs during installation (values files, CRDs, configmaps). If GitHub is slow or unreachable, install fails mid-way.
Suggestion: Copy these files into the Docker image at build time and use them as the primary source, with remote fetch as a fallback.
2. Resource pre-flight check
The script doesn't check if the host has enough resources (CPU/RAM) before starting. A k3d cluster + OpenChoreo + AMP on a machine with <8GB will fail late in the process.
Suggestion: Add an upfront check using docker info to verify available memory and CPUs before starting installation.

P1 — User Experience / Portability
3. Single-command install option
The two-step UX (enter container, then run ./install.sh) adds unnecessary friction.
Suggestion: Support docker run ... ghcr.io/wso2/amp-quick-start:v0.9.0-rc1 --install or prompt at container startup:
Would you like to start installation? [Y/n]
4. --network=host doesn't work on Docker Desktop for Mac/Windows
--network=host is a Linux-only Docker feature. On Mac (even with Colima's vz driver), it behaves differently. The k3d config already maps specific ports (3000, 9000, etc.).
Suggestion: Use explicit -p port publishing for cross-platform compatibility:
5. Add progress indicators for long-running helm installs
Steps like Control Plane (600s timeout), Observability Plane (900s timeout), and AMP install (1800s timeout) run silently.
Suggestion: Add a spinner or periodic progress updates (e.g., pod status every 30s) to reduce user anxiety during long waits.
6. Distinguish fatal vs non-fatal waits
wait_for_pods() catches timeout errors and returns 0 with a "non-fatal" warning, meaning the script continues even if critical pods never start.
Suggestion: Critical waits (Control Plane, AMP core) should fail hard. Only optional extension waits should be non-fatal.

P2 — Speed / Maintainability / Verification
7. Merge observability logs install + upgrade into single install
In Step 10, observability-logs-opensearch is installed and then immediately upgraded with --reuse-values --set fluent-bit.enabled=true.
Suggestion: Pass --set fluent-bit.enabled=true in the initial install to save ~2-3 minutes.
8. Consolidate duplicate helper functions
Both install.sh and install-helpers.sh define overlapping helpers:
install.sh: helm_install_idempotent(), wait_for_pods(), wait_for_deployments()
install-helpers.sh: install_amp_helm_chart(), wait_for_deployment(), wait_for_statefulset()
Suggestion: Consolidate into a single helpers file.
9. Add endpoint health checks after installation
The verification section just runs kubectl get pods.
Suggestion: Verify endpoints are actually reachable:
curl -sf http://localhost:3000 > /dev/null && log_success "Console is reachable"
curl -sf http://localhost:9000/health > /dev/null && log_success "API is reachable"
10. Resume/checkpoint support
If install fails at Step 10, the user must re-run everything. While helm installs are idempotent, wait_for_* and create_plane_cert_resources calls still run.
Suggestion: Record completed steps in a checkpoint file so re-runs skip verified steps.

P3 — Security / Image Size
11. Slim Docker image variant
The Dockerfile installs debug tools (tcpdump, vim, htop, bind-tools) not needed for installation.
Suggestion: Consider a --slim variant or move debug tools to a separate optional layer.
12. Remove chmod 666 Docker socket fallback
In check_docker_permissions(), the fallback runs sudo chmod 666 /var/run/docker.sock. The entrypoint already handles group-based permissions properly.
Suggestion: Remove or replace with group membership approach.
13. Randomize dev credentials
The ClusterSecretStore uses hardcoded passwords (ThisIsTheOpenSearchPassword1).
Suggestion: Generate random passwords per install and/or add a clear warning that these are dev-only credentials.

Summary Table
--network=host portability
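For item 12, an added sketch (not part of the original post and not the project's own code) of a permission check that reports the socket state and fails with a group-based remediation instead of running chmod 666. The function names docker_socket_status and check_docker_access are hypothetical.

```shell
# Added example: hypothetical replacement for a chmod 666 fallback.
# It inspects the socket and never changes its mode.

# Prints one of: ok, world-writable, no-access, missing.
docker_socket_status() {
    sock="${1:-/var/run/docker.sock}"
    [ -e "$sock" ] || { echo "missing"; return 2; }
    # A world-writable socket lets any local user drive the Docker daemon,
    # which is equivalent to root on the host.
    if [ -n "$(find "$sock" -prune -perm -0002 2>/dev/null)" ]; then
        echo "world-writable"
        return 3
    fi
    if [ -r "$sock" ] && [ -w "$sock" ]; then
        echo "ok"
        return 0
    fi
    echo "no-access"
    return 1
}

# Fails with a remediation hint instead of widening permissions.
check_docker_access() {
    sock="${1:-/var/run/docker.sock}"
    state=$(docker_socket_status "$sock") || true
    case "$state" in
        ok)
            return 0 ;;
        world-writable)
            echo "WARN: $sock is world-writable; expected group-only access (mode 660)" >&2
            return 0 ;;
        no-access)
            # Numeric GID owning the socket (4th field of ls -n output).
            gid=$(ls -ldn "$sock" | awk '{print $4}')
            echo "ERROR: no access to $sock; start the container with --group-add $gid" >&2
            return 1 ;;
        *)
            echo "ERROR: $sock not found; is the Docker socket mounted?" >&2
            return 1 ;;
    esac
}
```
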
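For item 13, an added sketch (not part of the original post and not the project's own code) of per-install credential generation that stays stable across re-runs. CRED_FILE, gen_password and ensure_credential are hypothetical names, and wiring the value into the ClusterSecretStore is not shown.

```shell
# Added example: hypothetical helpers for per-install dev credentials.
# CRED_FILE location is an assumption, not a path used by the project.
CRED_FILE="${CRED_FILE:-$HOME/.amp-quick-start/credentials.env}"

# 16 bytes from the kernel CSPRNG, hex-encoded: 32 characters, 128 bits.
# Assumption: the consuming service accepts lowercase hex; if it enforces
# composition rules, adjust the encoding rather than shortening the input.
gen_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# ensure_credential NAME
# Prints the stored value for NAME, generating and persisting it on first
# use so that re-running the installer does not rotate the password.
ensure_credential() {
    name="$1"
    # Create the file with owner-only permissions from the start.
    ( umask 077; mkdir -p "$(dirname "$CRED_FILE")"; touch "$CRED_FILE" )
    chmod 600 "$CRED_FILE"
    value=$(awk -F= -v k="$name" \
        '$1 == k { print substr($0, length(k) + 2); exit }' "$CRED_FILE")
    if [ -z "$value" ]; then
        value=$(gen_password)
        printf '%s=%s\n' "$name" "$value" >> "$CRED_FILE"
    fi
    printf '%s\n' "$value"
}
```

A caller would capture the value with command substitution, for example OPENSEARCH_PASSWORD=$(ensure_credential OPENSEARCH_PASSWORD), and pass it to the cluster through a file or stdin rather than a command-line argument.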
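For items 6 and 10 together, an added sketch (not part of the original post and not the project's own code) of a step wrapper that records completed steps and treats only optional steps as non-fatal. CHECKPOINT_FILE, step_done and run_step are hypothetical names; the commands passed to run_step stand in for the installer's own functions.

```shell
# Added example: hypothetical step runner with checkpoints.
CHECKPOINT_FILE="${CHECKPOINT_FILE:-./.install-checkpoint}"

# True if the step id is already recorded as completed.
step_done() {
    grep -qxF "$1" "$CHECKPOINT_FILE" 2>/dev/null
}

# run_step <critical|optional> <step-id> <command> [args...]
# - Skips steps already in the checkpoint file.
# - Records a step only after its command succeeds.
# - A failed optional step warns and continues; it is not recorded, so the
#   next run retries it.
# - A failed critical step returns non-zero so the caller can abort.
run_step() {
    kind="$1"; id="$2"; shift 2
    if step_done "$id"; then
        echo "skip: $id (already completed)"
        return 0
    fi
    if "$@"; then
        echo "$id" >> "$CHECKPOINT_FILE"
        return 0
    fi
    if [ "$kind" = "optional" ]; then
        echo "warn: optional step $id failed, continuing" >&2
        return 0
    fi
    echo "fatal: critical step $id failed" >&2
    return 1
}
```

A checkpoint only records that a step succeeded once, so the file should be deleted whenever the k3d cluster is recreated.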