Skip to content

OpenClaw (AI Agentic Platform)

OpenClaw is an AI-powered agentic platform designed to facilitate autonomous task execution and browser automation.

1. Overview

OpenClaw is deployed as a containerized application within the K3s cluster, serving as the primary interface for AI agent interactions.

  • Status: Active
  • Target Environment: Cloud (Oracle Cloud)

2. Requirements & Prerequisites

Necessary components or states prior to implementation:

  • Helm Controller: Installed in the K3s cluster.
  • Sealed Secrets: openclaw-credentials containing OpenRouter API keys.
  • Access Control: Tailscale or Cloudflare Tunnel for connectivity.

3. Implementation Procedure

The service is managed through ArgoCD using the official OpenClaw Helm chart.

A. Environment Configuration

  1. Namespace Creation: The openclaw namespace is initialized.
  2. Secret Management: Sensitive credentials are encrypted using Bitnami Sealed Secrets.

B. Service Deployment

OpenClaw is deployed to the k3s-master node to utilize optimized CPU resources.

# Apply the ArgoCD Application manifest
kubectl apply -f apps/services/openclaw-helm.yaml

4. Configuration Standards

Settings are managed according to the following standards:

  • Persistence: A 5Gi volume is provisioned using the local-path storage class.
  • Model Configuration: The platform is configured to interface with OpenRouter utilizing the kimi-k2.5 model.
  • Failover Strategy: Connectivity is maintained with an external Ollama instance on a Windows PC to offload high-compute tasks from OCI.
  • Browser Automation: A Chromium sidecar (alpine-chrome) is enabled for web-based agent tasks.
  • Resource Limits: The container is restricted to 4GB of RAM to maintain cluster stability.

5. Verification

System health is validated through these procedures:

  1. Pod Readiness: Verify all containers in the openclaw namespace are in Running state.
  2. Log Inspection: Monitor application logs for successful connection to OpenRouter.
  3. Accessibility: Confirm the UI is reachable via the configured NodePort or Tunnel.