Kubernetes
Kubernetes mode is designed for production-grade, multi-tenant deployments.
How It Works
Section titled “How It Works”- Gateway runs as a cluster service and orchestrates workers.
- For active conversations, gateway creates worker deployments/pods.
- Workers run OpenClaw runtime and connect back to gateway for job delivery.
- Worker storage is backed by PVCs mounted at
/workspacefor session continuity.
Isolation and Security Controls
Section titled “Isolation and Security Controls”Typical controls in Kubernetes mode include:
- Pod-level isolation for workers
- NetworkPolicies to restrict direct egress
- Gateway-mediated outbound traffic and MCP calls
- RBAC for least-privilege gateway orchestration
- Optional hardened runtimes such as gVisor/Kata where available
Persistence Model
Section titled “Persistence Model”- Worker session data is stored under
/workspace - Per-deployment PVCs preserve state across scale-to-zero/resume cycles
- PVCs are cleaned up when deployments are removed after inactivity
When to Use Kubernetes Mode
Section titled “When to Use Kubernetes Mode”Use Kubernetes mode when you need:
- Stronger tenant isolation
- Cluster scheduling and autoscaling
- Production operations with Helm-based deployment
Deployment
Section titled “Deployment”The Helm chart is published as an OCI artifact to GitHub Container Registry:
helm install lobu oci://ghcr.io/lobu-ai/charts/lobuThe chart uses ghcr.io/lobu-ai/lobu-gateway and ghcr.io/lobu-ai/lobu-worker-base images. Configure secrets via Sealed Secrets or your preferred secrets manager.