Skip to content

weak-fox/openclaw-helm

BranchesTags

Repository files navigation

openclaw-helm logo

openclaw-helm

Helm packaging for OpenClaw on Kubernetes. Focused on practical security controls and flexible model/provider configuration.

Artifact Hub Helm CI Chart Release License Helm Repo Chart Version App Version Kubernetes Helm

Quick StartExamplesCompatibilityArchitectureDemoRepo LayoutArtifact HubReferences

Highlights

  • Flexible model/provider setup with clear keys (provider / api / baseUrl / model).
  • Security switches exposed through gateway.controlUi for different deployment policies.
  • Integrated aio-sandbox with shared workspace storage: browser actions are visible, workspace config can be updated through browser flows, and shell/Jupyter tasks run in the same runtime.
  • Built-in offline seed bootstrap for skills/plugins via weak-fox/openclaw-offline-seed, so startup can use pre-bundled artifacts without runtime npx downloads.
  • Unified image registry prefixing through global.imageRegistry.
  • CI/release workflows included for linting, templating, and chart publishing.

Compatibility

Item Version
Chart 1.0.11
OpenClaw app 2026.3.28
Kubernetes >=1.24.0-0
Helm v3.x

Source of truth: charts/openclaw/Chart.yaml.

Architecture

flowchart TB
  subgraph A["Access"]
    U["Browser / API Client"]
    SVC["Service / Ingress"]
  end

  subgraph B["Runtime Pod"]
    GW["OpenClaw Gateway<br/>:18789"]
    SB["aio-sandbox<br/>:8080"]
  end

  subgraph C["Dependencies"]
    LLM["Model Provider"]
    VOL["Shared Storage (PVC)"]
  end

  U --> SVC --> GW
  GW <--> SB
  GW --> LLM
  GW <--> VOL
  SB <--> VOL

  classDef access fill:#EEF6FF,stroke:#5B8FF9,stroke-width:1.2px,color:#0B1F33;
  classDef runtime fill:#FFF4E8,stroke:#FA8C16,stroke-width:1.2px,color:#2B1A00;
  classDef dep fill:#F6FFED,stroke:#52C41A,stroke-width:1.2px,color:#102A00;
  class U,SVC access;
  class GW,SB runtime;
  class LLM,VOL dep;
Loading

Quick start

OPENCLAW_API_KEY is the unified runtime provider key consumed by OpenClaw provider config. Put your provider key in this secret (OpenAI / Anthropic / LiteLLM / OpenRouter / vLLM gateway / Ollama gateway, etc.).

Create namespace and API key secret first (required):

kubectl create namespace openclaw
kubectl -n openclaw create secret generic openclaw-api-key \
  --from-literal=OPENCLAW_API_KEY=sk-xxxx

Install directly from local chart path (test profile):

helm upgrade --install openclaw ./charts/openclaw -n openclaw \
  --set gateway.controlUi.allowInsecureAuth=true \
  --set gateway.controlUi.dangerouslyDisableDeviceAuth=true \
  --set gateway.controlUi.dangerouslyAllowHostHeaderOriginFallback=true

Install from Helm repository (test profile):

helm repo add openclaw-helm https://weak-fox.github.io/openclaw-helm
helm repo update
helm upgrade --install openclaw openclaw-helm/openclaw -n openclaw \
  --set gateway.controlUi.allowInsecureAuth=true \
  --set gateway.controlUi.dangerouslyDisableDeviceAuth=true \
  --set gateway.controlUi.dangerouslyAllowHostHeaderOriginFallback=true

Warning The three gateway.controlUi.* flags above reduce security and are for local testing only. For production/security-sensitive deployments, follow OpenClaw official guidance: https://docs.openclaw.ai/gateway/security

Full values and operations guide: charts/openclaw/README.md

Examples

All example values are here: charts/openclaw/examples

Example usage:

helm upgrade --install openclaw ./charts/openclaw -n openclaw \
  -f ./charts/openclaw/examples/<example-file>.yaml

Browser workflow demo

Captured from a real Kubernetes deployment with LiteLLM (Qwen3) backend, using aio-sandbox and shared storage to drive browser operations and workspace-level execution.

OpenClaw to sandbox demo

Repository layout

Publishing chart repo

Enable GitHub Pages on gh-pages (root).
When chart-related changes are pushed to main (or a GitHub Release is published), chart-release.yaml runs helm/chart-releaser-action to publish:

  • GitHub Release assets (.tgz)
  • Helm repo index (gh-pages/index.yaml)

Then clients can install/update by:

helm repo add openclaw-helm https://weak-fox.github.io/openclaw-helm
helm repo update

Artifact Hub

This repo is prepared for Artifact Hub onboarding.

  1. Publish chart index on GitHub Pages (https://weak-fox.github.io/openclaw-helm/index.yaml).
  2. Register the Helm repo in Artifact Hub (repository URL above).
  3. After Artifact Hub creates your repository entry, add root metadata file artifacthub-repo.yml.
  4. Keep the metadata file synced to gh-pages so Artifact Hub can read it from the chart repository root.

References and integrations

For attribution and license details of referenced/derived parts, see THIRD_PARTY_NOTICES.md.

About

Helm packaging for OpenClaw on Kubernetes with aio-sandbox integration and flexible model/provider configuration.

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases 12

openclaw-1.0.11 Latest
Mar 29, 2026
+ 11 releases

Packages

 
 
 

Contributors

Languages