Kubernetes
Kubernetes mode is designed for production-grade, multi-tenant deployments.
How It Works
- Gateway runs as a cluster service and orchestrates workers.
- For active conversations, gateway creates worker deployments/pods.
- Workers run OpenClaw runtime and connect back to gateway for job delivery.
- Worker storage is backed by PVCs mounted at /workspace for session continuity.
Isolation and Security Controls
Typical controls in Kubernetes mode include:
- Pod-level isolation for workers
- NetworkPolicies to restrict direct egress
- Gateway-mediated outbound traffic and MCP calls
- RBAC for least-privilege gateway orchestration
- Optional hardened runtimes such as gVisor/Kata where available
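One way the egress restriction and gateway-mediated traffic described above can be expressed, as an added example that is not taken from the project's Helm chart. The namespace, pod labels and gateway port are assumed placeholders, and the gateway is assumed to run in the same namespace as the workers.

```yaml
# Added example. Namespace, labels and port are assumed placeholders,
# not values from the project's chart.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: worker-egress-gateway-only
  namespace: agents                          # assumed namespace
spec:
  # Selects worker pods only; the gateway is not restricted by this policy.
  podSelector:
    matchLabels:
      app.kubernetes.io/component: worker    # assumed worker label
  # Listing Egress here denies all worker egress not allowed below.
  policyTypes:
    - Egress
  egress:
    # Workers may reach the gateway, which mediates outbound traffic and MCP calls.
    - to:
        - podSelector:
            matchLabels:
              app.kubernetes.io/component: gateway   # assumed gateway label
      ports:
        - protocol: TCP
          port: 8080                         # assumed gateway port
    # Cluster DNS, so workers can resolve the gateway Service name.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

NetworkPolicy objects are enforced only when the cluster's CNI plugin supports them; on a CNI without enforcement this manifest is accepted but has no effect.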
Persistence Model
- Worker session data is stored under /workspace
- Per-deployment PVCs preserve state across scale-to-zero/resume cycles
- PVCs are cleaned up when deployments are removed after inactivity
When to Use Kubernetes Mode
Use Kubernetes mode when you need:
- Stronger tenant isolation
- Cluster scheduling and autoscaling
- Production operations with Helm-based deployment
Deployment Path
Install with the Helm chart, and configure secrets via Sealed Secrets for production environments.