Preflight checks for Solace Agent Mesh Enterprise on Kubernetes

Solace Agent Mesh
1

If you’re planning to deploy Solace Agent Mesh Enterprise on Kubernetes with Helm, I’ve published a small helper CLI that runs preflight checks against your cluster and values.yaml before you do the real install:

The goal is to make the first enterprise install a bit more boring: one command, clear PASS/WARN/FAIL output, and a simple checklist you can run locally or in CI.

What the tool does

The sam-preflight CLI validates a few key areas that commonly bite us during first installs:

  • Tooling and cluster reachability (kubectl / helm installed, cluster API reachable, Kubernetes and Helm minimum versions).

  • Basic SAM Helm values sanity and persistence mode (bundled vs external PostgreSQL + S3).

  • Namespace existence and RBAC needed to install into that namespace.

  • Image pull secret readiness for private registries.

  • Optional external checks for Solace SEMP v2 and OpenAI if those credentials are present.

It’s intentionally opinionated and conservative: it prefers to tell you “FAIL” early with a concrete fix instead of letting you discover problems halfway through a Helm install.

How to run it

The repo is a simple Python project; you can run it locally or wire it into your pipeline.

git clone https://github.com/solacese/sam-preflight
cd sam-preflight
pip install -e .
sam-preflight

By default it will:

  1. Read CLI flags (if any), then environment variables, then ./values.yaml if present, then fall back to vendored chart defaults.

Common patterns:

  • With an explicit values file and namespace:
sam-preflight --values ./my-values.yaml --namespace solace-agent-mesh
  • Using only environment variables (handy for CI):
export SAM_PREFLIGHT_NAMESPACE=solace-agent-meshexport SAM_PREFLIGHT_SET__sam__dnsName=sam.example.comexport SAM_PREFLIGHT_SET__broker__url=wss://my-broker.messaging.solace.cloud:443sam-preflight
  • JSON output for pipelines:
sam-preflight --json

Exit code is 0 when there are no FAIL checks and 2 if at least one check fails, so it plugs nicely into CI/CD gates.

Readiness checklist

The README in the repo also includes a concise checklist you can use as a runbook before a first enterprise install:

  • kubectl and helm installed with supported versions.

  • Cluster reachable and correct kube-context selected.

  • Target namespace chosen and permissions validated.

  • Required values.yaml keys populated, including persistence mode.

  • Image pull secret created if needed.

  • Broker and LLM credentials prepared (but not committed).

  • sam-preflight completes with no FAIL results.

If you’re already running Solace Agent Mesh Enterprise on Kubernetes, I’d love feedback on additional checks that would be most useful to add in the next iteration (for example: deeper DNS/ingress validation, capacity modeling, or more opinionated broker checks).

1 Like