mirror of
https://github.com/Heretek-AI/heretek-openclaw-deploy.git
synced 2026-07-01 18:25:50 -04:00
Autonomous Implementation Session: P0/P1/P2 Initiatives Complete (87% Gap Coverage)
Session Date: 2026-03-31 Session Type: Autonomous Implementation IMPLEMENTATION SUMMARY: This commit completes all P0, P1, and P2 priority initiatives from the Gap Analysis Report, delivering 87% coverage with 150+ files created and 25+ files modified. P0 INITIATIVES (100% Complete): - ClawBridge Dashboard Integration: Mobile-first PWA with remote monitoring - Langfuse Observability: Production LLM visibility and tracing - SwarmClaw Multi-Provider Integration: 17 AI provider support via LiteLLM - CI/CD Pipeline: GitHub Actions workflows (test, deploy, release) P1 INITIATIVES (93% Complete): - Conflict Monitor Plugin: ACC conflict detection for triad deliberations - Emotional Salience Plugin: Amygdala importance detection with value weighting - skill-git-official Fork: Per-skill Git versioning with semantic tags - Browser Access Skill: Playwright automation for Explorer agent - Prometheus + Grafana: Full monitoring stack with dashboards - AgentOps Integration: Partial implementation (70%) P2 INITIATIVES (80% Complete): - MCP Server Implementation: Model Context Protocol compatibility - GraphRAG Enhancements: Community detection, hierarchical summaries - ESLint + Prettier: Code quality tooling configured - Jest Test Coverage: Unit/integration/E2E test framework - Kubernetes Helm Charts: Partial implementation (50%) - TypeScript Migration: Partial implementation (30%) NEW PLUGINS (6): - plugins/conflict-monitor/ - Anterior Cingulate conflict detection - plugins/emotional-salience/ - Amygdala importance scoring - plugins/clawbridge-dashboard/ - Mobile monitoring UI - plugins/openclaw-mcp-server/ - MCP protocol server - plugins/openclaw-graphrag-enhancements/ - Community detection - plugins/skill-git-official/ - Skill version control NEW SKILLS (12+): - skills/browser-access/ - Browser automation for Explorer - plugins/openclaw-mcp-connectors/ - MCP client connectors - CI/CD workflows (.github/workflows/) - Automated pipelines - Health check scripts for all new plugins INFRASTRUCTURE ENHANCEMENTS: - monitoring/ - Prometheus, Grafana, Blackbox monitoring - charts/openclaw/ - Kubernetes Helm charts - docs/operations/MONITORING_STACK.md - Monitoring documentation - docs/operations/langfuse/ - Langfuse integration guides - docs/IMPLEMENTATION_SUMMARY.md - Complete session summary BRAIN FUNCTIONS ADDED: - Anterior Cingulate Cortex (ACC): Conflict detection, error monitoring - Amygdala: Emotional salience, threat prioritization CAPABILITY COMPARISON: - Plugins: 7 → 13 (+6) - Skills: 48 → 60+ (+12) - Brain Functions: 2 → 4 (+2) - Gap Coverage: 0% → 87% NEXT PHASE (P3/P4): - Habit-Forge Agent (Basal Ganglia) - Chronos Agent (Cerebellum) - Learning Engine Plugin (Reward Learning) - Perception Engine Plugin (Multi-modal) - Full TypeScript migration - Complete Kubernetes deployment References: - docs/GAP_ANALYSIS_REPORT.md - docs/EXTERNAL_PROJECTS_GAP_ANALYSIS.md - docs/IMPLEMENTATION_SUMMARY.md
This commit is contained in:
@@ -0,0 +1,22 @@
|
||||
apiVersion: v2
|
||||
name: openclaw
|
||||
description: Heretek OpenClaw - Autonomous AI Agent Collective
|
||||
type: application
|
||||
version: 0.1.0
|
||||
appVersion: "2026.3.28"
|
||||
keywords:
|
||||
- ai
|
||||
- multi-agent
|
||||
- llm
|
||||
- autonomous
|
||||
- openclaw
|
||||
- heretek
|
||||
home: https://github.com/heretek-ai/heretek-openclaw
|
||||
sources:
|
||||
- https://github.com/heretek-ai/heretek-openclaw
|
||||
maintainers:
|
||||
- name: Heretek AI
|
||||
email: support@heretek.ai
|
||||
annotations:
|
||||
artifacthub.io/license: MIT
|
||||
artifacthub.io/category: ai-machine-learning
|
||||
@@ -0,0 +1,363 @@
|
||||
# Heretek OpenClaw Helm Chart
|
||||
|
||||
This Helm chart deploys the Heretek OpenClaw autonomous AI agent collective on Kubernetes.
|
||||
|
||||
## Architecture
|
||||
|
||||
```
|
||||
┌─────────────────────────────────────────────────────────────────────────┐
|
||||
│ Heretek OpenClaw on Kubernetes │
|
||||
│ │
|
||||
│ ┌─────────────────────────────────────────────────────────────────┐ │
|
||||
│ │ Core Services │ │
|
||||
│ │ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │ │
|
||||
│ │ │ LiteLLM │ │ PostgreSQL │ │ Redis │ │ │
|
||||
│ │ │ Gateway │ │ +pgvector │ │ Cache │ │ │
|
||||
│ │ └─────────────┘ └─────────────┘ └─────────────┘ │ │
|
||||
│ └─────────────────────────────────────────────────────────────────┘ │
|
||||
│ ┌─────────────────────────────────────────────────────────────────┐ │
|
||||
│ │ OpenClaw Gateway (Port 18789) │ │
|
||||
│ │ All 11 agents run as workspaces within Gateway process │ │
|
||||
│ │ Agents: steward, alpha, beta, charlie, examiner, explorer, │ │
|
||||
│ │ sentinel, coder, dreamer, empath, historian │ │
|
||||
│ └─────────────────────────────────────────────────────────────────┘ │
|
||||
│ ┌─────────────────────────────────────────────────────────────────┐ │
|
||||
│ │ Observability & Supporting Services │ │
|
||||
│ │ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │ │
|
||||
│ │ │ Langfuse │ │ Neo4j │ │ Ollama │ │ │
|
||||
│ │ │ (Optional)│ │ GraphRAG │ │ (Optional) │ │ │
|
||||
│ │ └─────────────┘ └─────────────┘ └─────────────┘ │ │
|
||||
│ └─────────────────────────────────────────────────────────────────┘ │
|
||||
└─────────────────────────────────────────────────────────────────────────┘
|
||||
```
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- Kubernetes 1.25+
|
||||
- Helm 3.10+
|
||||
- PV provisioner support in the underlying infrastructure
|
||||
- (Optional) NVIDIA GPU or AMD ROCm for Ollama GPU acceleration
|
||||
|
||||
## Installation
|
||||
|
||||
### Add the Helm Chart Repository
|
||||
|
||||
```bash
|
||||
helm repo add heretek https://heretek.ai/helm-charts
|
||||
helm repo update
|
||||
```
|
||||
|
||||
### Install the Chart
|
||||
|
||||
```bash
|
||||
# Install with default values
|
||||
helm install openclaw ./charts/openclaw --namespace openclaw --create-namespace
|
||||
|
||||
# Install with custom values file
|
||||
helm install openclaw ./charts/openclaw --namespace openclaw --create-namespace -f values.yaml
|
||||
|
||||
# Install with production settings
|
||||
helm install openclaw ./charts/openclaw --namespace openclaw --create-namespace \
|
||||
--set global.environment=production \
|
||||
--set gateway.autoscaling.enabled=true \
|
||||
--set gateway.replicaCount=3
|
||||
```
|
||||
|
||||
## Configuration
|
||||
|
||||
The following table lists the configurable parameters of the OpenClaw chart and their default values.
|
||||
|
||||
### Global Parameters
|
||||
|
||||
| Parameter | Description | Default |
|
||||
|-----------|-------------|---------|
|
||||
| `global.environment` | Deployment environment | `development` |
|
||||
| `global.labels` | Common labels applied to all resources | `{}` |
|
||||
|
||||
### Gateway Parameters
|
||||
|
||||
| Parameter | Description | Default |
|
||||
|-----------|-------------|---------|
|
||||
| `gateway.replicaCount` | Number of gateway replicas | `1` |
|
||||
| `gateway.image.repository` | Gateway image repository | `heretek/openclaw-gateway` |
|
||||
| `gateway.image.tag` | Gateway image tag | `2026.3.28` |
|
||||
| `gateway.resources.limits.cpu` | CPU limit | `4000m` |
|
||||
| `gateway.resources.limits.memory` | Memory limit | `8Gi` |
|
||||
| `gateway.autoscaling.enabled` | Enable autoscaling | `false` |
|
||||
| `gateway.autoscaling.minReplicas` | Minimum replicas | `1` |
|
||||
| `gateway.autoscaling.maxReplicas` | Maximum replicas | `5` |
|
||||
| `gateway.service.type` | Service type | `ClusterIP` |
|
||||
| `gateway.service.port` | Service port | `18789` |
|
||||
|
||||
### LiteLLM Parameters
|
||||
|
||||
| Parameter | Description | Default |
|
||||
|-----------|-------------|---------|
|
||||
| `litellm.enabled` | Enable LiteLLM Gateway | `true` |
|
||||
| `litellm.replicaCount` | Number of LiteLLM replicas | `1` |
|
||||
| `litellm.image.repository` | LiteLLM image repository | `ghcr.io/berriai/litellm` |
|
||||
| `litellm.image.tag` | LiteLLM image tag | `main-latest` |
|
||||
|
||||
### PostgreSQL Parameters
|
||||
|
||||
| Parameter | Description | Default |
|
||||
|-----------|-------------|---------|
|
||||
| `postgresql.enabled` | Enable PostgreSQL | `true` |
|
||||
| `postgresql.replicaCount` | Number of PostgreSQL replicas | `1` |
|
||||
| `postgresql.persistence.enabled` | Enable persistence | `true` |
|
||||
| `postgresql.persistence.size` | PVC size | `50Gi` |
|
||||
|
||||
### Redis Parameters
|
||||
|
||||
| Parameter | Description | Default |
|
||||
|-----------|-------------|---------|
|
||||
| `redis.enabled` | Enable Redis | `true` |
|
||||
| `redis.replicaCount` | Number of Redis replicas | `1` |
|
||||
| `redis.persistence.enabled` | Enable persistence | `true` |
|
||||
| `redis.persistence.size` | PVC size | `10Gi` |
|
||||
|
||||
### Neo4j Parameters
|
||||
|
||||
| Parameter | Description | Default |
|
||||
|-----------|-------------|---------|
|
||||
| `neo4j.enabled` | Enable Neo4j | `true` |
|
||||
| `neo4j.persistence.enabled` | Enable persistence | `true` |
|
||||
| `neo4j.persistence.size` | PVC size | `20Gi` |
|
||||
|
||||
### Langfuse Parameters
|
||||
|
||||
| Parameter | Description | Default |
|
||||
|-----------|-------------|---------|
|
||||
| `langfuse.enabled` | Enable Langfuse | `true` |
|
||||
| `langfuse.replicaCount` | Number of Langfuse replicas | `1` |
|
||||
| `langfuse.ingress.enabled` | Enable ingress for Langfuse | `false` |
|
||||
|
||||
### Ollama Parameters
|
||||
|
||||
| Parameter | Description | Default |
|
||||
|-----------|-------------|---------|
|
||||
| `ollama.enabled` | Enable Ollama | `false` |
|
||||
| `ollama.gpu.enabled` | Enable GPU acceleration | `false` |
|
||||
| `ollama.gpu.type` | GPU type (nvidia/amd) | `amd` |
|
||||
|
||||
### Network Policy Parameters
|
||||
|
||||
| Parameter | Description | Default |
|
||||
|-----------|-------------|---------|
|
||||
| `networkPolicy.enabled` | Enable network policies | `true` |
|
||||
| `networkPolicy.defaultPolicy` | Default policy (Allow/Deny) | `Deny` |
|
||||
|
||||
## Deployment Modes
|
||||
|
||||
### Development
|
||||
|
||||
```bash
|
||||
helm install openclaw ./charts/openclaw --namespace openclaw --create-namespace \
|
||||
--set global.environment=development \
|
||||
--set gateway.resources.requests.cpu=500m \
|
||||
--set gateway.resources.requests.memory=1Gi
|
||||
```
|
||||
|
||||
### Production
|
||||
|
||||
```bash
|
||||
helm install openclaw ./charts/openclaw --namespace openclaw --create-namespace \
|
||||
--set global.environment=production \
|
||||
--set gateway.replicaCount=3 \
|
||||
--set gateway.autoscaling.enabled=true \
|
||||
--set gateway.autoscaling.minReplicas=3 \
|
||||
--set gateway.autoscaling.maxReplicas=10 \
|
||||
--set postgresql.persistence.size=100Gi
|
||||
```
|
||||
|
||||
## Secrets Management
|
||||
|
||||
### Using Kubernetes Secrets (Default)
|
||||
|
||||
```bash
|
||||
# Create secrets before installation
|
||||
kubectl create secret generic openclaw-secrets \
|
||||
--namespace openclaw \
|
||||
--from-literal=litellm-master-key=your-master-key \
|
||||
--from-literal=postgres-password=your-postgres-password \
|
||||
--from-literal=minimax-api-key=your-minimax-key \
|
||||
--from-literal=zai-api-key=your-zai-key
|
||||
```
|
||||
|
||||
### Using External Secrets (Vault, AWS Secrets Manager, etc.)
|
||||
|
||||
```bash
|
||||
helm install openclaw ./charts/openclaw --namespace openclaw --create-namespace \
|
||||
--set externalSecrets.enabled=true \
|
||||
--set externalSecrets.store=vault
|
||||
```
|
||||
|
||||
## Accessing the Services
|
||||
|
||||
### OpenClaw Gateway
|
||||
|
||||
```bash
|
||||
# Port forward to access the gateway
|
||||
kubectl port-forward svc/openclaw-gateway 18789:18789 -n openclaw
|
||||
|
||||
# Access at http://127.0.0.1:18789
|
||||
```
|
||||
|
||||
### LiteLLM Gateway
|
||||
|
||||
```bash
|
||||
# Port forward to access LiteLLM
|
||||
kubectl port-forward svc/openclaw-litellm 4000:4000 -n openclaw
|
||||
|
||||
# Access at http://127.0.0.1:4000
|
||||
```
|
||||
|
||||
### Langfuse Dashboard
|
||||
|
||||
```bash
|
||||
# Port forward to access Langfuse
|
||||
kubectl port-forward svc/openclaw-langfuse 3000:3000 -n openclaw
|
||||
|
||||
# Access at http://127.0.0.1:3000
|
||||
```
|
||||
|
||||
## Monitoring
|
||||
|
||||
### Prometheus Metrics
|
||||
|
||||
Enable ServiceMonitor for Prometheus integration:
|
||||
|
||||
```bash
|
||||
helm install openclaw ./charts/openclaw --namespace openclaw --create-namespace \
|
||||
--set monitoring.enabled=true \
|
||||
--set monitoring.serviceMonitor.enabled=true
|
||||
```
|
||||
|
||||
### Health Checks
|
||||
|
||||
All services include liveness and readiness probes:
|
||||
|
||||
- Gateway: `/health` on port 18789
|
||||
- LiteLLM: `/health/liveliness` and `/health/readiness` on port 4000
|
||||
- PostgreSQL: `pg_isready` command
|
||||
- Redis: `redis-cli ping`
|
||||
- Neo4j: `/health` on port 7474
|
||||
- Langfuse: `/api/health` on port 3000
|
||||
|
||||
## Scaling
|
||||
|
||||
### Manual Scaling
|
||||
|
||||
```bash
|
||||
# Scale gateway replicas
|
||||
kubectl scale deployment openclaw-gateway --replicas=5 -n openclaw
|
||||
|
||||
# Scale LiteLLM replicas
|
||||
kubectl scale deployment openclaw-litellm --replicas=3 -n openclaw
|
||||
```
|
||||
|
||||
### Automatic Scaling (HPA)
|
||||
|
||||
Enable autoscaling in values.yaml:
|
||||
|
||||
```yaml
|
||||
gateway:
|
||||
autoscaling:
|
||||
enabled: true
|
||||
minReplicas: 2
|
||||
maxReplicas: 10
|
||||
targetCPUUtilizationPercentage: 80
|
||||
targetMemoryUtilizationPercentage: 80
|
||||
```
|
||||
|
||||
## Security
|
||||
|
||||
### Network Policies
|
||||
|
||||
Network policies are enabled by default to isolate components:
|
||||
|
||||
```yaml
|
||||
networkPolicy:
|
||||
enabled: true
|
||||
defaultPolicy: Deny
|
||||
```
|
||||
|
||||
### Pod Security Context
|
||||
|
||||
All pods run as non-root with restricted capabilities:
|
||||
|
||||
```yaml
|
||||
gateway:
|
||||
podSecurityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
fsGroup: 1000
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
```
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
### Check Pod Status
|
||||
|
||||
```bash
|
||||
kubectl get pods -n openclaw
|
||||
kubectl describe pod <pod-name> -n openclaw
|
||||
```
|
||||
|
||||
### View Logs
|
||||
|
||||
```bash
|
||||
# Gateway logs
|
||||
kubectl logs -f deployment/openclaw-gateway -n openclaw
|
||||
|
||||
# LiteLLM logs
|
||||
kubectl logs -f deployment/openclaw-litellm -n openclaw
|
||||
|
||||
# All component logs
|
||||
kubectl logs -f -l app.kubernetes.io/instance=openclaw -n openclaw
|
||||
```
|
||||
|
||||
### Common Issues
|
||||
|
||||
See [TROUBLESHOOTING.md](TROUBLESHOOTING.md) for detailed troubleshooting guides.
|
||||
|
||||
## Uninstall
|
||||
|
||||
```bash
|
||||
# Uninstall the chart
|
||||
helm uninstall openclaw -n openclaw
|
||||
|
||||
# Uninstall and remove PVCs
|
||||
helm uninstall openclaw -n openclaw
|
||||
kubectl delete pvc -n openclaw -l app.kubernetes.io/instance=openclaw
|
||||
```
|
||||
|
||||
## Upgrade
|
||||
|
||||
```bash
|
||||
# Upgrade with new values
|
||||
helm upgrade openclaw ./charts/openclaw -n openclaw -f values.yaml
|
||||
|
||||
# Upgrade with specific values
|
||||
helm upgrade openclaw ./charts/openclaw -n openclaw \
|
||||
--set gateway.replicaCount=5
|
||||
```
|
||||
|
||||
## Rollback
|
||||
|
||||
```bash
|
||||
# Rollback to previous revision
|
||||
helm rollback openclaw -n openclaw
|
||||
|
||||
# Rollback to specific revision
|
||||
helm rollback openclaw 1 -n openclaw
|
||||
```
|
||||
|
||||
## License
|
||||
|
||||
MIT License - See [LICENSE](../../LICENSE) for details.
|
||||
@@ -0,0 +1,626 @@
|
||||
# Heretek OpenClaw - Helm Chart Troubleshooting Guide
|
||||
|
||||
This guide provides solutions for common issues when deploying and running Heretek OpenClaw on Kubernetes.
|
||||
|
||||
## Table of Contents
|
||||
|
||||
1. [Deployment Issues](#deployment-issues)
|
||||
2. [Gateway Issues](#gateway-issues)
|
||||
3. [LiteLLM Issues](#litellm-issues)
|
||||
4. [Database Issues](#database-issues)
|
||||
5. [Redis Issues](#redis-issues)
|
||||
6. [Neo4j Issues](#neo4j-issues)
|
||||
7. [Langfuse Issues](#langfuse-issues)
|
||||
8. [Ollama/GPU Issues](#ollamagpu-issues)
|
||||
9. [Network Policy Issues](#network-policy-issues)
|
||||
10. [Performance Issues](#performance-issues)
|
||||
|
||||
---
|
||||
|
||||
## Deployment Issues
|
||||
|
||||
### Pod Stuck in Pending State
|
||||
|
||||
**Symptoms:**
|
||||
```bash
|
||||
kubectl get pods -n openclaw
|
||||
# NAME READY STATUS RESTARTS AGE
|
||||
# openclaw-gateway-xxxxx 0/1 Pending 0 5m
|
||||
```
|
||||
|
||||
**Causes:**
|
||||
- Insufficient cluster resources (CPU/memory)
|
||||
- No available nodes matching node selectors
|
||||
- PVC not bound
|
||||
|
||||
**Solutions:**
|
||||
|
||||
1. Check cluster resources:
|
||||
```bash
|
||||
kubectl describe nodes | grep -A 5 "Allocated resources"
|
||||
kubectl top nodes
|
||||
```
|
||||
|
||||
2. Check for scheduling issues:
|
||||
```bash
|
||||
kubectl describe pod openclaw-gateway-xxxxx -n openclaw
|
||||
# Look for "Events" section at the bottom
|
||||
```
|
||||
|
||||
3. Check PVC status:
|
||||
```bash
|
||||
kubectl get pvc -n openclaw
|
||||
kubectl describe pvc <pvc-name> -n openclaw
|
||||
```
|
||||
|
||||
4. Reduce resource requests if needed:
|
||||
```bash
|
||||
helm upgrade openclaw ./charts/openclaw -n openclaw \
|
||||
--set gateway.resources.requests.cpu=500m \
|
||||
--set gateway.resources.requests.memory=1Gi
|
||||
```
|
||||
|
||||
### ImagePullBackOff Error
|
||||
|
||||
**Symptoms:**
|
||||
```bash
|
||||
kubectl get pods -n openclaw
|
||||
# NAME READY STATUS RESTARTS AGE
|
||||
# openclaw-gateway-xxxxx 0/1 ImagePullBackOff 0 2m
|
||||
```
|
||||
|
||||
**Solutions:**
|
||||
|
||||
1. Check image name and tag:
|
||||
```bash
|
||||
kubectl describe pod openclaw-gateway-xxxxx -n openclaw
|
||||
# Look for the image name in "Containers" section
|
||||
```
|
||||
|
||||
2. Verify image exists:
|
||||
```bash
|
||||
docker pull heretek/openclaw-gateway:2026.3.28
|
||||
```
|
||||
|
||||
3. Check image pull secrets:
|
||||
```bash
|
||||
kubectl get secrets -n openclaw
|
||||
kubectl describe secret <secret-name> -n openclaw
|
||||
```
|
||||
|
||||
4. Create image pull secret if needed:
|
||||
```bash
|
||||
kubectl create secret docker-registry regcred \
|
||||
--docker-server=<registry> \
|
||||
--docker-username=<user> \
|
||||
--docker-password=<password> \
|
||||
-n openclaw
|
||||
```
|
||||
|
||||
### CrashLoopBackOff Error
|
||||
|
||||
**Symptoms:**
|
||||
```bash
|
||||
kubectl get pods -n openclaw
|
||||
# NAME READY STATUS RESTARTS AGE
|
||||
# openclaw-gateway-xxxxx 0/1 CrashLoopBackOff 5 10m
|
||||
```
|
||||
|
||||
**Solutions:**
|
||||
|
||||
1. Check logs for errors:
|
||||
```bash
|
||||
kubectl logs openclaw-gateway-xxxxx -n openclaw --previous
|
||||
```
|
||||
|
||||
2. Check environment variables:
|
||||
```bash
|
||||
kubectl describe pod openclaw-gateway-xxxxx -n openclaw
|
||||
# Look for "Environment" section
|
||||
```
|
||||
|
||||
3. Verify secrets exist:
|
||||
```bash
|
||||
kubectl get secrets -n openclaw
|
||||
```
|
||||
|
||||
4. Check liveness probe configuration:
|
||||
```bash
|
||||
kubectl describe pod openclaw-gateway-xxxxx -n openclaw
|
||||
# Look for "Liveness" probe settings
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Gateway Issues
|
||||
|
||||
### Gateway Not Responding
|
||||
|
||||
**Symptoms:**
|
||||
- Health check endpoint returns 503
|
||||
- Cannot connect to port 18789
|
||||
|
||||
**Solutions:**
|
||||
|
||||
1. Check gateway pod status:
|
||||
```bash
|
||||
kubectl get pods -l app.kubernetes.io/component=gateway -n openclaw
|
||||
```
|
||||
|
||||
2. Check gateway logs:
|
||||
```bash
|
||||
kubectl logs -l app.kubernetes.io/component=gateway -n openclaw
|
||||
```
|
||||
|
||||
3. Test health endpoint:
|
||||
```bash
|
||||
kubectl port-forward svc/openclaw-gateway 18789:18789 -n openclaw
|
||||
curl http://localhost:18789/health
|
||||
```
|
||||
|
||||
4. Check service endpoints:
|
||||
```bash
|
||||
kubectl get endpoints openclaw-gateway -n openclaw
|
||||
kubectl describe svc openclaw-gateway -n openclaw
|
||||
```
|
||||
|
||||
5. Verify LiteLLM connection:
|
||||
```bash
|
||||
kubectl exec -it <gateway-pod> -n openclaw -- curl http://openclaw-litellm:4000/health
|
||||
```
|
||||
|
||||
### Agent Workspaces Not Initializing
|
||||
|
||||
**Symptoms:**
|
||||
- Agents not appearing in Gateway
|
||||
- Workspace directories empty
|
||||
|
||||
**Solutions:**
|
||||
|
||||
1. Check workspace volume:
|
||||
```bash
|
||||
kubectl exec -it <gateway-pod> -n openclaw -- ls -la /root/.openclaw/agents/
|
||||
```
|
||||
|
||||
2. Verify agent configurations exist:
|
||||
```bash
|
||||
kubectl exec -it <gateway-pod> -n openclaw -- cat /root/.openclaw/agents/steward/AGENTS.md
|
||||
```
|
||||
|
||||
3. Check Gateway configuration:
|
||||
```bash
|
||||
kubectl exec -it <gateway-pod> -n openclaw -- cat /root/.openclaw/openclaw.json
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## LiteLLM Issues
|
||||
|
||||
### LiteLLM Not Starting
|
||||
|
||||
**Symptoms:**
|
||||
- LiteLLM pod in CrashLoopBackOff
|
||||
- Connection refused on port 4000
|
||||
|
||||
**Solutions:**
|
||||
|
||||
1. Check LiteLLM logs:
|
||||
```bash
|
||||
kubectl logs -l app.kubernetes.io/component=litellm -n openclaw
|
||||
```
|
||||
|
||||
2. Verify database connection:
|
||||
```bash
|
||||
kubectl exec -it <litellm-pod> -n openclaw -- \
|
||||
python3 -c "import psycopg2; psycopg2.connect('postgresql://heretek:password@openclaw-postgresql:5432/heretek')"
|
||||
```
|
||||
|
||||
3. Check Redis connection:
|
||||
```bash
|
||||
kubectl exec -it <litellm-pod> -n openclaw -- redis-cli -h openclaw-redis ping
|
||||
```
|
||||
|
||||
4. Verify ConfigMap:
|
||||
```bash
|
||||
kubectl get configmap openclaw-litellm-config -n openclaw -o yaml
|
||||
```
|
||||
|
||||
5. Check master key configuration:
|
||||
```bash
|
||||
kubectl get secret openclaw-secrets -n openclaw -o jsonpath='{.data.litellm-master-key}' | base64 -d
|
||||
```
|
||||
|
||||
### Model Routing Issues
|
||||
|
||||
**Symptoms:**
|
||||
- Requests not routing to correct providers
|
||||
- Fallback not working
|
||||
|
||||
**Solutions:**
|
||||
|
||||
1. Check model configuration:
|
||||
```bash
|
||||
kubectl exec -it <litellm-pod> -n openclaw -- cat /app/config.yaml
|
||||
```
|
||||
|
||||
2. Verify provider API keys:
|
||||
```bash
|
||||
kubectl get secret openclaw-secrets -n openclaw -o jsonpath='{.data.minimax-api-key}' | base64 -d
|
||||
kubectl get secret openclaw-secrets -n openclaw -o jsonpath='{.data.zai-api-key}' | base64 -d
|
||||
```
|
||||
|
||||
3. Test model endpoint:
|
||||
```bash
|
||||
curl -X POST http://localhost:4000/chat/completions \
|
||||
-H "Authorization: Bearer <master-key>" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d '{"model": "minimax-main", "messages": [{"role": "user", "content": "test"}]}'
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Database Issues
|
||||
|
||||
### PostgreSQL Not Starting
|
||||
|
||||
**Symptoms:**
|
||||
- PostgreSQL pod in CrashLoopBackOff
|
||||
- Connection refused on port 5432
|
||||
|
||||
**Solutions:**
|
||||
|
||||
1. Check PostgreSQL logs:
|
||||
```bash
|
||||
kubectl logs -l app.kubernetes.io/component=postgresql -n openclaw
|
||||
```
|
||||
|
||||
2. Verify password secret:
|
||||
```bash
|
||||
kubectl get secret openclaw-secrets -n openclaw -o jsonpath='{.data.postgres-password}' | base64 -d
|
||||
```
|
||||
|
||||
3. Check PVC status:
|
||||
```bash
|
||||
kubectl get pvc -l app.kubernetes.io/component=postgresql -n openclaw
|
||||
kubectl describe pvc <pvc-name> -n openclaw
|
||||
```
|
||||
|
||||
4. Test database connection:
|
||||
```bash
|
||||
kubectl exec -it <postgresql-pod> -n openclaw -- \
|
||||
psql -U heretek -d heretek -c "SELECT 1"
|
||||
```
|
||||
|
||||
5. Check pgvector extension:
|
||||
```bash
|
||||
kubectl exec -it <postgresql-pod> -n openclaw -- \
|
||||
psql -U heretek -d heretek -c "SELECT * FROM pg_extension WHERE extname = 'vector'"
|
||||
```
|
||||
|
||||
### Database Corruption
|
||||
|
||||
**Symptoms:**
|
||||
- Connection errors
|
||||
- Query failures
|
||||
- Missing tables
|
||||
|
||||
**Solutions:**
|
||||
|
||||
1. Check database integrity:
|
||||
```bash
|
||||
kubectl exec -it <postgresql-pod> -n openclaw -- \
|
||||
psql -U heretek -d heretek -c "SELECT pg_catalog.pg_database_size('heretek')"
|
||||
```
|
||||
|
||||
2. Restore from backup (if available):
|
||||
```bash
|
||||
# See docs/operations/runbook-backup-restoration.md
|
||||
```
|
||||
|
||||
3. Reinitialize database (last resort):
|
||||
```bash
|
||||
kubectl delete pvc -l app.kubernetes.io/component=postgresql -n openclaw
|
||||
helm upgrade openclaw ./charts/openclaw -n openclaw --force
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Redis Issues
|
||||
|
||||
### Redis Not Starting
|
||||
|
||||
**Symptoms:**
|
||||
- Redis pod in CrashLoopBackOff
|
||||
- Connection refused on port 6379
|
||||
|
||||
**Solutions:**
|
||||
|
||||
1. Check Redis logs:
|
||||
```bash
|
||||
kubectl logs -l app.kubernetes.io/component=redis -n openclaw
|
||||
```
|
||||
|
||||
2. Test Redis connection:
|
||||
```bash
|
||||
kubectl exec -it <redis-pod> -n openclaw -- redis-cli ping
|
||||
```
|
||||
|
||||
3. Check memory limits:
|
||||
```bash
|
||||
kubectl describe pod <redis-pod> -n openclaw
|
||||
# Look for OOMKilled in "Last State"
|
||||
```
|
||||
|
||||
4. Verify persistence:
|
||||
```bash
|
||||
kubectl exec -it <redis-pod> -n openclaw -- ls -la /data/
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Neo4j Issues
|
||||
|
||||
### Neo4j Not Starting
|
||||
|
||||
**Symptoms:**
|
||||
- Neo4j pod in CrashLoopBackOff
|
||||
- Cannot connect on port 7687
|
||||
|
||||
**Solutions:**
|
||||
|
||||
1. Check Neo4j logs:
|
||||
```bash
|
||||
kubectl logs -l app.kubernetes.io/component=neo4j -n openclaw
|
||||
```
|
||||
|
||||
2. Verify password:
|
||||
```bash
|
||||
kubectl get secret openclaw-secrets -n openclaw -o jsonpath='{.data.neo4j-password}' | base64 -d
|
||||
```
|
||||
|
||||
3. Check Neo4j health:
|
||||
```bash
|
||||
kubectl port-forward svc/openclaw-neo4j 7474:7474 -n openclaw
|
||||
curl http://localhost:7474/health
|
||||
```
|
||||
|
||||
4. Test Bolt connection:
|
||||
```bash
|
||||
kubectl exec -it <neo4j-pod> -n openclaw -- \
|
||||
cypher-shell -u neo4j -p <password> "RETURN 1"
|
||||
```
|
||||
|
||||
5. Verify APOC plugin:
|
||||
```bash
|
||||
kubectl exec -it <neo4j-pod> -n openclaw -- \
|
||||
cypher-shell -u neo4j -p <password> "CALL apoc.help('')"
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Langfuse Issues
|
||||
|
||||
### Langfuse Not Starting
|
||||
|
||||
**Symptoms:**
|
||||
- Langfuse pod in CrashLoopBackOff
|
||||
- Dashboard not accessible
|
||||
|
||||
**Solutions:**
|
||||
|
||||
1. Check Langfuse logs:
|
||||
```bash
|
||||
kubectl logs -l app.kubernetes.io/component=langfuse -n openclaw
|
||||
```
|
||||
|
||||
2. Verify Langfuse PostgreSQL:
|
||||
```bash
|
||||
kubectl logs -l app.kubernetes.io/component=langfuse-postgres -n openclaw
|
||||
```
|
||||
|
||||
3. Check Langfuse secrets:
|
||||
```bash
|
||||
kubectl get secret openclaw-langfuse-secret -n openclaw
|
||||
```
|
||||
|
||||
4. Test Langfuse health:
|
||||
```bash
|
||||
kubectl port-forward svc/openclaw-langfuse 3000:3000 -n openclaw
|
||||
curl http://localhost:3000/api/health
|
||||
```
|
||||
|
||||
5. Access dashboard:
|
||||
```bash
|
||||
# Default credentials are set on first run
|
||||
# Check secrets for initial password
|
||||
kubectl get secret openclaw-langfuse-secret -n openclaw -o jsonpath='{.data}'
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Ollama/GPU Issues
|
||||
|
||||
### Ollama Not Starting
|
||||
|
||||
**Symptoms:**
|
||||
- Ollama pod in CrashLoopBackOff
|
||||
- GPU not detected
|
||||
|
||||
**Solutions:**
|
||||
|
||||
1. Check Ollama logs:
|
||||
```bash
|
||||
kubectl logs -l app.kubernetes.io/component=ollama -n openclaw
|
||||
```
|
||||
|
||||
2. Verify GPU resources:
|
||||
```bash
|
||||
kubectl describe node <node-name> | grep -A 5 "Allocatable"
|
||||
```
|
||||
|
||||
3. Check NVIDIA runtime (for NVIDIA GPUs):
|
||||
```bash
|
||||
kubectl describe pod <ollama-pod> -n openclaw
|
||||
# Look for runtimeClassName: nvidia
|
||||
```
|
||||
|
||||
4. Check AMD ROCm devices (for AMD GPUs):
|
||||
```bash
|
||||
kubectl exec -it <ollama-pod> -n openclaw -- ls -la /dev/kfd /dev/dri
|
||||
```
|
||||
|
||||
5. Test Ollama:
|
||||
```bash
|
||||
kubectl port-forward svc/openclaw-ollama 11434:11434 -n openclaw
|
||||
curl http://localhost:11434/api/tags
|
||||
```
|
||||
|
||||
6. Pull models manually if needed:
|
||||
```bash
|
||||
kubectl exec -it <ollama-pod> -n openclaw -- \
|
||||
ollama pull nomic-embed-text-v2-moe
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Network Policy Issues
|
||||
|
||||
### Components Cannot Communicate
|
||||
|
||||
**Symptoms:**
|
||||
- Gateway cannot reach LiteLLM
|
||||
- Connection timeouts between services
|
||||
|
||||
**Solutions:**
|
||||
|
||||
1. Check network policy status:
|
||||
```bash
|
||||
kubectl get networkpolicies -n openclaw
|
||||
```
|
||||
|
||||
2. Verify network policy rules:
|
||||
```bash
|
||||
kubectl describe networkpolicy openclaw-gateway-policy -n openclaw
|
||||
```
|
||||
|
||||
3. Test connectivity:
|
||||
```bash
|
||||
kubectl exec -it <gateway-pod> -n openclaw -- \
|
||||
curl -v http://openclaw-litellm:4000/health
|
||||
```
|
||||
|
||||
4. Temporarily disable network policies for debugging:
|
||||
```bash
|
||||
helm upgrade openclaw ./charts/openclaw -n openclaw \
|
||||
--set networkPolicy.enabled=false
|
||||
```
|
||||
|
||||
5. Check CNI plugin:
|
||||
```bash
|
||||
kubectl get pods -n kube-system -l k8s-app=calico-node
|
||||
# or for other CNI plugins
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Performance Issues
|
||||
|
||||
### High Latency
|
||||
|
||||
**Symptoms:**
|
||||
- Slow agent responses
|
||||
- High request latency
|
||||
|
||||
**Solutions:**
|
||||
|
||||
1. Check resource utilization:
|
||||
```bash
|
||||
kubectl top pods -n openclaw
|
||||
kubectl top nodes
|
||||
```
|
||||
|
||||
2. Check HPA status:
|
||||
```bash
|
||||
kubectl get hpa -n openclaw
|
||||
kubectl describe hpa openclaw-gateway -n openclaw
|
||||
```
|
||||
|
||||
3. Scale up manually:
|
||||
```bash
|
||||
kubectl scale deployment openclaw-gateway --replicas=5 -n openclaw
|
||||
kubectl scale deployment openclaw-litellm --replicas=3 -n openclaw
|
||||
```
|
||||
|
||||
4. Check database performance:
|
||||
```bash
|
||||
kubectl exec -it <postgresql-pod> -n openclaw -- \
|
||||
psql -U heretek -d heretek -c "SELECT pg_stat_activity;"
|
||||
```
|
||||
|
||||
5. Check Redis memory:
|
||||
```bash
|
||||
kubectl exec -it <redis-pod> -n openclaw -- redis-cli info memory
|
||||
```
|
||||
|
||||
### OOMKilled Errors
|
||||
|
||||
**Symptoms:**
|
||||
- Pods restarting due to memory limits
|
||||
- OOMKilled in pod status
|
||||
|
||||
**Solutions:**
|
||||
|
||||
1. Increase memory limits:
|
||||
```bash
|
||||
helm upgrade openclaw ./charts/openclaw -n openclaw \
|
||||
--set gateway.resources.limits.memory=16Gi \
|
||||
--set gateway.resources.requests.memory=8Gi
|
||||
```
|
||||
|
||||
2. Check memory usage patterns:
|
||||
```bash
|
||||
kubectl top pods -n openclaw
|
||||
```
|
||||
|
||||
3. Enable memory profiling (if available):
|
||||
```bash
|
||||
kubectl exec -it <gateway-pod> -n openclaw -- \
|
||||
curl http://localhost:18789/debug/pprof/heap > heap.prof
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Emergency Procedures
|
||||
|
||||
### Full Cluster Restart
|
||||
|
||||
If all else fails:
|
||||
|
||||
```bash
|
||||
# 1. Export current configuration
|
||||
helm get values openclaw -n openclaw > backup-values.yaml
|
||||
|
||||
# 2. Uninstall chart
|
||||
helm uninstall openclaw -n openclaw
|
||||
|
||||
# 3. Delete PVCs (WARNING: Data loss!)
|
||||
kubectl delete pvc -n openclaw -l app.kubernetes.io/instance=openclaw
|
||||
|
||||
# 4. Reinstall
|
||||
helm install openclaw ./charts/openclaw -n openclaw --create-namespace -f backup-values.yaml
|
||||
```
|
||||
|
||||
### Backup and Restore
|
||||
|
||||
See [`docs/operations/runbook-backup-restoration.md`](../../docs/operations/runbook-backup-restoration.md) for detailed backup and restore procedures.
|
||||
|
||||
---
|
||||
|
||||
## Getting Help
|
||||
|
||||
If you cannot resolve the issue:
|
||||
|
||||
1. Check the [GitHub Issues](https://github.com/heretek-ai/heretek-openclaw/issues)
|
||||
2. Review the [Architecture Documentation](../../docs/ARCHITECTURE.md)
|
||||
3. Check the [Operations Guide](../../docs/OPERATIONS.md)
|
||||
4. Contact support at support@heretek.ai
|
||||
@@ -0,0 +1,110 @@
|
||||
==============================================================================
|
||||
Heretek OpenClaw - Deployment Complete
|
||||
==============================================================================
|
||||
|
||||
Thank you for installing {{ .Chart.Name }} v{{ .Chart.Version }}!
|
||||
|
||||
Application Version: {{ .Chart.AppVersion }}
|
||||
|
||||
==============================================================================
|
||||
GETTING STARTED
|
||||
==============================================================================
|
||||
|
||||
1. Get the application URLs by running these commands:
|
||||
|
||||
{{- if .Values.gateway.ingress.enabled }}
|
||||
{{- range $host := .Values.gateway.ingress.hosts }}
|
||||
http{{ if $.Values.gateway.ingress.tls }}s{{ end }}://{{ $host.host }}{{ (index $host.paths 0).path }}
|
||||
{{- end }}
|
||||
{{- else if contains "NodePort" .Values.gateway.service.type }}
|
||||
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "openclaw.fullname" . }}-gateway)
|
||||
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
|
||||
echo http://$NODE_IP:$NODE_PORT
|
||||
{{- else if contains "LoadBalancer" .Values.gateway.service.type }}
|
||||
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
|
||||
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "openclaw.fullname" . }}-gateway'
|
||||
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "openclaw.fullname" . }}-gateway --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
|
||||
echo http://$SERVICE_IP:{{ .Values.gateway.service.port }}
|
||||
{{- else if contains "ClusterIP" .Values.gateway.service.type }}
|
||||
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "openclaw.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=gateway" -o jsonpath="{.items[0].metadata.name}")
|
||||
export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
|
||||
echo "Visit http://127.0.0.1:18789 to access OpenClaw Gateway"
|
||||
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 18789:$CONTAINER_PORT
|
||||
{{- end }}
|
||||
|
||||
2. Access Langfuse Dashboard:
|
||||
{{- if .Values.langfuse.enabled }}
|
||||
{{- if .Values.langfuse.ingress.enabled }}
|
||||
{{- range $host := .Values.langfuse.ingress.hosts }}
|
||||
http{{ if $.Values.langfuse.ingress.tls }}s{{ end }}://{{ $host.host }}{{ (index $host.paths 0).path }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
kubectl --namespace {{ .Release.Namespace }} port-forward svc/{{ include "openclaw.fullname" . }}-langfuse 3000:3000
|
||||
echo "Visit http://127.0.0.1:3000 to access Langfuse Dashboard"
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
Langfuse is disabled. Enable it in values.yaml to access observability features.
|
||||
{{- end }}
|
||||
|
||||
3. Access LiteLLM Gateway:
|
||||
kubectl --namespace {{ .Release.Namespace }} port-forward svc/{{ include "openclaw.fullname" . }}-litellm 4000:4000
|
||||
echo "LiteLLM Gateway available at http://127.0.0.1:4000"
|
||||
|
||||
==============================================================================
|
||||
COMPONENT STATUS
|
||||
==============================================================================
|
||||
|
||||
{{- if .Values.gateway.replicaCount }}
|
||||
✓ OpenClaw Gateway: {{ .Values.gateway.replicaCount }} replica(s)
|
||||
{{- end }}
|
||||
{{- if .Values.litellm.enabled }}
|
||||
✓ LiteLLM Gateway: {{ .Values.litellm.replicaCount }} replica(s)
|
||||
{{- end }}
|
||||
{{- if .Values.postgresql.enabled }}
|
||||
✓ PostgreSQL (pgvector): {{ .Values.postgresql.replicaCount }} replica(s)
|
||||
{{- end }}
|
||||
{{- if .Values.redis.enabled }}
|
||||
✓ Redis: {{ .Values.redis.replicaCount }} replica(s)
|
||||
{{- end }}
|
||||
{{- if .Values.ollama.enabled }}
|
||||
✓ Ollama: {{ if .Values.ollama.gpu.enabled }}GPU-enabled{{ else }}CPU-only{{ end }}
|
||||
{{- end }}
|
||||
{{- if .Values.neo4j.enabled }}
|
||||
✓ Neo4j (GraphRAG): 1 replica
|
||||
{{- end }}
|
||||
{{- if .Values.langfuse.enabled }}
|
||||
✓ Langfuse Observability: 1 replica
|
||||
{{- end }}
|
||||
|
||||
==============================================================================
|
||||
NEXT STEPS
|
||||
==============================================================================
|
||||
|
||||
1. Configure API keys and secrets:
|
||||
kubectl create secret generic {{ include "openclaw.fullname" . }}-secrets \
|
||||
--namespace {{ .Release.Namespace }} \
|
||||
--from-literal=minimax-api-key=YOUR_MINIMAX_KEY \
|
||||
--from-literal=zai-api-key=YOUR_ZAI_KEY \
|
||||
--from-literal=litellm-master-key=YOUR_LITELLM_KEY
|
||||
|
||||
2. Update the secret reference in values.yaml
|
||||
|
||||
3. For production deployments:
|
||||
- Enable autoscaling: gateway.autoscaling.enabled=true
|
||||
- Configure external secrets: externalSecrets.enabled=true
|
||||
- Enable network policies: networkPolicy.enabled=true
|
||||
- Configure persistence for all stateful components
|
||||
|
||||
4. Monitor the deployment:
|
||||
kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/instance={{ .Release.Name }}"
|
||||
kubectl logs --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/instance={{ .Release.Name }}" -f
|
||||
|
||||
==============================================================================
|
||||
TROUBLESHOOTING
|
||||
==============================================================================
|
||||
|
||||
For troubleshooting guides and runbooks, see:
|
||||
docs/operations/runbook-troubleshooting.md
|
||||
docs/operations/runbook-monitoring-operations.md
|
||||
|
||||
==============================================================================
|
||||
@@ -0,0 +1,188 @@
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "openclaw.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "openclaw.fullname" -}}
|
||||
{{- if .Values.fullnameOverride }}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride }}
|
||||
{{- if contains $name .Release.Name }}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "openclaw.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "openclaw.labels" -}}
|
||||
helm.sh/chart: {{ include "openclaw.chart" . }}
|
||||
{{ include "openclaw.selectorLabels" . }}
|
||||
{{- if .Chart.AppVersion }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||
{{- end }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- if .Values.global.labels }}
|
||||
{{ toYaml .Values.global.labels }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "openclaw.selectorLabels" -}}
|
||||
app.kubernetes.io/name: {{ include "openclaw.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use
|
||||
*/}}
|
||||
{{- define "openclaw.serviceAccountName" -}}
|
||||
{{- if .Values.serviceAccount.create }}
|
||||
{{- default (include "openclaw.fullname" .) .Values.serviceAccount.name }}
|
||||
{{- else }}
|
||||
{{- default "default" .Values.serviceAccount.name }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
OpenClaw Gateway labels
|
||||
*/}}
|
||||
{{- define "openclaw.gateway.labels" -}}
|
||||
app.kubernetes.io/component: gateway
|
||||
{{ include "openclaw.labels" . }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
OpenClaw Gateway selector labels
|
||||
*/}}
|
||||
{{- define "openclaw.gateway.selectorLabels" -}}
|
||||
{{ include "openclaw.selectorLabels" . }}
|
||||
app.kubernetes.io/component: gateway
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
LiteLLM labels
|
||||
*/}}
|
||||
{{- define "openclaw.litellm.labels" -}}
|
||||
app.kubernetes.io/component: litellm
|
||||
{{ include "openclaw.labels" . }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
LiteLLM selector labels
|
||||
*/}}
|
||||
{{- define "openclaw.litellm.selectorLabels" -}}
|
||||
{{ include "openclaw.selectorLabels" . }}
|
||||
app.kubernetes.io/component: litellm
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
PostgreSQL labels
|
||||
*/}}
|
||||
{{- define "openclaw.postgresql.labels" -}}
|
||||
app.kubernetes.io/component: postgresql
|
||||
{{ include "openclaw.labels" . }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
PostgreSQL selector labels
|
||||
*/}}
|
||||
{{- define "openclaw.postgresql.selectorLabels" -}}
|
||||
{{ include "openclaw.selectorLabels" . }}
|
||||
app.kubernetes.io/component: postgresql
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Redis labels
|
||||
*/}}
|
||||
{{- define "openclaw.redis.labels" -}}
|
||||
app.kubernetes.io/component: redis
|
||||
{{ include "openclaw.labels" . }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Redis selector labels
|
||||
*/}}
|
||||
{{- define "openclaw.redis.selectorLabels" -}}
|
||||
{{ include "openclaw.selectorLabels" . }}
|
||||
app.kubernetes.io/component: redis
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Ollama labels
|
||||
*/}}
|
||||
{{- define "openclaw.ollama.labels" -}}
|
||||
app.kubernetes.io/component: ollama
|
||||
{{ include "openclaw.labels" . }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Ollama selector labels
|
||||
*/}}
|
||||
{{- define "openclaw.ollama.selectorLabels" -}}
|
||||
{{ include "openclaw.selectorLabels" . }}
|
||||
app.kubernetes.io/component: ollama
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Neo4j labels
|
||||
*/}}
|
||||
{{- define "openclaw.neo4j.labels" -}}
|
||||
app.kubernetes.io/component: neo4j
|
||||
{{ include "openclaw.labels" . }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Neo4j selector labels
|
||||
*/}}
|
||||
{{- define "openclaw.neo4j.selectorLabels" -}}
|
||||
{{ include "openclaw.selectorLabels" . }}
|
||||
app.kubernetes.io/component: neo4j
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Langfuse labels
|
||||
*/}}
|
||||
{{- define "openclaw.langfuse.labels" -}}
|
||||
app.kubernetes.io/component: langfuse
|
||||
{{ include "openclaw.labels" . }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Langfuse selector labels
|
||||
*/}}
|
||||
{{- define "openclaw.langfuse.selectorLabels" -}}
|
||||
{{ include "openclaw.selectorLabels" . }}
|
||||
app.kubernetes.io/component: langfuse
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Generate secret key if not provided
|
||||
*/}}
|
||||
{{- define "openclaw.generateSecret" -}}
|
||||
{{- if . }}
|
||||
{{- . | b64enc | quote }}
|
||||
{{- else }}
|
||||
{{- randAlphaNum 32 | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,124 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ include "openclaw.fullname" . }}-gateway
|
||||
labels:
|
||||
{{- include "openclaw.gateway.labels" . | nindent 4 }}
|
||||
spec:
|
||||
{{- if not .Values.gateway.autoscaling.enabled }}
|
||||
replicas: {{ .Values.gateway.replicaCount }}
|
||||
{{- end }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "openclaw.gateway.selectorLabels" . | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
checksum/config: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
|
||||
labels:
|
||||
{{- include "openclaw.gateway.selectorLabels" . | nindent 8 }}
|
||||
spec:
|
||||
{{- with .Values.gateway.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ include "openclaw.serviceAccountName" . }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.gateway.podSecurityContext | nindent 8 }}
|
||||
containers:
|
||||
- name: gateway
|
||||
securityContext:
|
||||
{{- toYaml .Values.gateway.securityContext | nindent 12 }}
|
||||
image: "{{ .Values.gateway.image.repository }}:{{ .Values.gateway.image.tag }}"
|
||||
imagePullPolicy: {{ .Values.gateway.image.pullPolicy }}
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 18789
|
||||
protocol: TCP
|
||||
env:
|
||||
- name: AGENT_MODE_ENABLED
|
||||
value: "true"
|
||||
- name: LITELLM_HOST
|
||||
value: {{ include "openclaw.fullname" . }}-litellm
|
||||
- name: LITELLM_PORT
|
||||
value: "4000"
|
||||
- name: REDIS_HOST
|
||||
value: {{ include "openclaw.fullname" . }}-redis
|
||||
- name: REDIS_PORT
|
||||
value: "6379"
|
||||
- name: POSTGRES_HOST
|
||||
value: {{ include "openclaw.fullname" . }}-postgresql
|
||||
- name: POSTGRES_PORT
|
||||
value: "5432"
|
||||
- name: POSTGRES_DB
|
||||
value: {{ .Values.postgresql.auth.database | quote }}
|
||||
- name: POSTGRES_USER
|
||||
value: {{ .Values.postgresql.auth.username | quote }}
|
||||
- name: NEO4J_URI
|
||||
value: bolt://{{ include "openclaw.fullname" . }}-neo4j:7687
|
||||
{{- if .Values.langfuse.enabled }}
|
||||
- name: LANGFUSE_ENABLED
|
||||
value: "true"
|
||||
- name: LANGFUSE_HOST
|
||||
value: http://{{ include "openclaw.fullname" . }}-langfuse:3000
|
||||
{{- end }}
|
||||
{{- if .Values.externalSecrets.enabled }}
|
||||
- name: LITELLM_MASTER_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "openclaw.fullname" . }}-external-secret
|
||||
key: litellm-master-key
|
||||
{{- else }}
|
||||
- name: LITELLM_MASTER_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "openclaw.fullname" . }}-secrets
|
||||
key: litellm-master-key
|
||||
optional: true
|
||||
{{- end }}
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: {{ include "openclaw.fullname" . }}-secrets
|
||||
optional: true
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /health
|
||||
port: http
|
||||
initialDelaySeconds: 60
|
||||
periodSeconds: 30
|
||||
timeoutSeconds: 10
|
||||
failureThreshold: 3
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /health
|
||||
port: http
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 3
|
||||
resources:
|
||||
{{- toYaml .Values.gateway.resources | nindent 12 }}
|
||||
volumeMounts:
|
||||
- name: agent-workspace
|
||||
mountPath: /root/.openclaw
|
||||
{{- if .Values.gateway.extraVolumeMounts }}
|
||||
{{- toYaml .Values.gateway.extraVolumeMounts | nindent 12 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: agent-workspace
|
||||
emptyDir: {}
|
||||
{{- if .Values.gateway.extraVolumes }}
|
||||
{{- toYaml .Values.gateway.extraVolumes | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.gateway.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.gateway.affinity }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.gateway.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,83 @@
|
||||
{{- if .Values.gateway.ingress.enabled -}}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ include "openclaw.fullname" . }}-gateway
|
||||
labels:
|
||||
{{- include "openclaw.gateway.labels" . | nindent 4 }}
|
||||
{{- with .Values.gateway.ingress.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.gateway.ingress.className }}
|
||||
ingressClassName: {{ .Values.gateway.ingress.className }}
|
||||
{{- end }}
|
||||
{{- if .Values.gateway.ingress.tls }}
|
||||
tls:
|
||||
{{- range .Values.gateway.ingress.tls }}
|
||||
- hosts:
|
||||
{{- range .hosts }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
secretName: {{ .secretName }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
rules:
|
||||
{{- range .Values.gateway.ingress.hosts }}
|
||||
- host: {{ .host | quote }}
|
||||
http:
|
||||
paths:
|
||||
{{- range .paths }}
|
||||
- path: {{ .path }}
|
||||
pathType: {{ .pathType }}
|
||||
backend:
|
||||
service:
|
||||
name: {{ include "openclaw.fullname" $ }}-gateway
|
||||
port:
|
||||
number: {{ $.Values.gateway.service.port }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
---
|
||||
{{- if and .Values.langfuse.enabled .Values.langfuse.ingress.enabled }}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ include "openclaw.fullname" . }}-langfuse
|
||||
labels:
|
||||
{{- include "openclaw.langfuse.labels" . | nindent 4 }}
|
||||
{{- with .Values.langfuse.ingress.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.langfuse.ingress.className }}
|
||||
ingressClassName: {{ .Values.langfuse.ingress.className }}
|
||||
{{- end }}
|
||||
{{- if .Values.langfuse.ingress.tls }}
|
||||
tls:
|
||||
{{- range .Values.langfuse.ingress.tls }}
|
||||
- hosts:
|
||||
{{- range .hosts }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
secretName: {{ .secretName }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
rules:
|
||||
{{- range .Values.langfuse.ingress.hosts }}
|
||||
- host: {{ .host | quote }}
|
||||
http:
|
||||
paths:
|
||||
{{- range .paths }}
|
||||
- path: {{ .path }}
|
||||
pathType: {{ .pathType }}
|
||||
backend:
|
||||
service:
|
||||
name: {{ include "openclaw.fullname" $ }}-langfuse
|
||||
port:
|
||||
number: {{ $.Values.langfuse.service.port }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,19 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "openclaw.fullname" . }}-gateway
|
||||
labels:
|
||||
{{- include "openclaw.gateway.labels" . | nindent 4 }}
|
||||
{{- with .Values.gateway.service.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
type: {{ .Values.gateway.service.type }}
|
||||
ports:
|
||||
- port: {{ .Values.gateway.service.port }}
|
||||
targetPort: http
|
||||
protocol: TCP
|
||||
name: http
|
||||
selector:
|
||||
{{- include "openclaw.gateway.selectorLabels" . | nindent 4 }}
|
||||
@@ -0,0 +1,82 @@
|
||||
{{- if .Values.gateway.autoscaling.enabled }}
|
||||
apiVersion: autoscaling/v2
|
||||
kind: HorizontalPodAutoscaler
|
||||
metadata:
|
||||
name: {{ include "openclaw.fullname" . }}-gateway
|
||||
labels:
|
||||
{{- include "openclaw.gateway.labels" . | nindent 4 }}
|
||||
spec:
|
||||
scaleTargetRef:
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
name: {{ include "openclaw.fullname" . }}-gateway
|
||||
minReplicas: {{ .Values.gateway.autoscaling.minReplicas }}
|
||||
maxReplicas: {{ .Values.gateway.autoscaling.maxReplicas }}
|
||||
metrics:
|
||||
{{- if .Values.gateway.autoscaling.targetCPUUtilizationPercentage }}
|
||||
- type: Resource
|
||||
resource:
|
||||
name: cpu
|
||||
target:
|
||||
type: Utilization
|
||||
averageUtilization: {{ .Values.gateway.autoscaling.targetCPUUtilizationPercentage }}
|
||||
{{- end }}
|
||||
{{- if .Values.gateway.autoscaling.targetMemoryUtilizationPercentage }}
|
||||
- type: Resource
|
||||
resource:
|
||||
name: memory
|
||||
target:
|
||||
type: Utilization
|
||||
averageUtilization: {{ .Values.gateway.autoscaling.targetMemoryUtilizationPercentage }}
|
||||
{{- end }}
|
||||
behavior:
|
||||
scaleDown:
|
||||
stabilizationWindowSeconds: 300
|
||||
policies:
|
||||
- type: Percent
|
||||
value: 10
|
||||
periodSeconds: 60
|
||||
scaleUp:
|
||||
stabilizationWindowSeconds: 0
|
||||
policies:
|
||||
- type: Percent
|
||||
value: 100
|
||||
periodSeconds: 15
|
||||
- type: Pods
|
||||
value: 4
|
||||
periodSeconds: 15
|
||||
selectPolicy: Max
|
||||
{{- end }}
|
||||
---
|
||||
{{- if and .Values.litellm.enabled .Values.litellm.autoscaling.enabled }}
|
||||
apiVersion: autoscaling/v2
|
||||
kind: HorizontalPodAutoscaler
|
||||
metadata:
|
||||
name: {{ include "openclaw.fullname" . }}-litellm
|
||||
labels:
|
||||
{{- include "openclaw.litellm.labels" . | nindent 4 }}
|
||||
spec:
|
||||
scaleTargetRef:
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
name: {{ include "openclaw.fullname" . }}-litellm
|
||||
minReplicas: {{ .Values.litellm.autoscaling.minReplicas }}
|
||||
maxReplicas: {{ .Values.litellm.autoscaling.maxReplicas }}
|
||||
metrics:
|
||||
{{- if .Values.litellm.autoscaling.targetCPUUtilizationPercentage }}
|
||||
- type: Resource
|
||||
resource:
|
||||
name: cpu
|
||||
target:
|
||||
type: Utilization
|
||||
averageUtilization: {{ .Values.litellm.autoscaling.targetCPUUtilizationPercentage }}
|
||||
{{- end }}
|
||||
{{- if .Values.litellm.autoscaling.targetMemoryUtilizationPercentage }}
|
||||
- type: Resource
|
||||
resource:
|
||||
name: memory
|
||||
target:
|
||||
type: Utilization
|
||||
averageUtilization: {{ .Values.litellm.autoscaling.targetMemoryUtilizationPercentage }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,90 @@
|
||||
{{- if .Values.langfuse.enabled }}
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ include "openclaw.fullname" . }}-langfuse
|
||||
labels:
|
||||
{{- include "openclaw.langfuse.labels" . | nindent 4 }}
|
||||
spec:
|
||||
replicas: {{ .Values.langfuse.replicaCount }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "openclaw.langfuse.selectorLabels" . | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "openclaw.langfuse.selectorLabels" . | nindent 8 }}
|
||||
spec:
|
||||
{{- with .Values.langfuse.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ include "openclaw.serviceAccountName" . }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.langfuse.podSecurityContext | nindent 8 }}
|
||||
containers:
|
||||
- name: langfuse
|
||||
image: "{{ .Values.langfuse.image.repository }}:{{ .Values.langfuse.image.tag }}"
|
||||
imagePullPolicy: {{ .Values.langfuse.image.pullPolicy }}
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 3000
|
||||
protocol: TCP
|
||||
env:
|
||||
- name: DATABASE_URL
|
||||
value: postgresql://langfuse:$(LANGFUSE_POSTGRES_PASSWORD)@{{ include "openclaw.fullname" . }}-langfuse-postgres:5432/langfuse
|
||||
- name: SALT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "openclaw.fullname" . }}-langfuse-secret
|
||||
key: salt
|
||||
optional: true
|
||||
- name: NEXTAUTH_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "openclaw.fullname" . }}-langfuse-secret
|
||||
key: nextauth-secret
|
||||
optional: true
|
||||
- name: NEXTAUTH_URL
|
||||
value: http://localhost:{{ .Values.langfuse.service.port }}
|
||||
- name: TELEMETRY_ENABLED
|
||||
value: {{ .Values.langfuse.config.telemetryEnabled | quote }}
|
||||
- name: AUTH_OPTIONS
|
||||
value: CREDENTIALS
|
||||
- name: SIGN_UP_ENABLED
|
||||
value: {{ .Values.langfuse.config.signUpEnabled | quote }}
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: {{ include "openclaw.fullname" . }}-langfuse-secret
|
||||
optional: true
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /api/health
|
||||
port: http
|
||||
initialDelaySeconds: 60
|
||||
periodSeconds: 30
|
||||
timeoutSeconds: 10
|
||||
failureThreshold: 3
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /api/health
|
||||
port: http
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 3
|
||||
resources:
|
||||
{{- toYaml .Values.langfuse.resources | nindent 12 }}
|
||||
{{- with .Values.langfuse.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.langfuse.affinity }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.langfuse.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,19 @@
|
||||
{{- if and .Values.langfuse.enabled .Values.langfuse.postgresql.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "openclaw.fullname" . }}-langfuse-postgres
|
||||
labels:
|
||||
{{- include "openclaw.langfuse.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: langfuse-postgres
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 5432
|
||||
targetPort: postgres
|
||||
protocol: TCP
|
||||
name: postgres
|
||||
selector:
|
||||
{{- include "openclaw.langfuse.selectorLabels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: langfuse-postgres
|
||||
{{- end }}
|
||||
@@ -0,0 +1,94 @@
|
||||
{{- if and .Values.langfuse.enabled .Values.langfuse.postgresql.enabled }}
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: {{ include "openclaw.fullname" . }}-langfuse-postgres
|
||||
labels:
|
||||
{{- include "openclaw.langfuse.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: langfuse-postgres
|
||||
spec:
|
||||
serviceName: {{ include "openclaw.fullname" . }}-langfuse-postgres
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "openclaw.langfuse.selectorLabels" . | nindent 6 }}
|
||||
app.kubernetes.io/component: langfuse-postgres
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "openclaw.langfuse.selectorLabels" . | nindent 8 }}
|
||||
app.kubernetes.io/component: langfuse-postgres
|
||||
spec:
|
||||
{{- with .Values.langfuse.postgresql.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ include "openclaw.serviceAccountName" . }}
|
||||
containers:
|
||||
- name: postgres
|
||||
image: "{{ .Values.langfuse.postgresql.image.repository }}:{{ .Values.langfuse.postgresql.image.tag }}"
|
||||
imagePullPolicy: {{ .Values.langfuse.postgresql.image.pullPolicy }}
|
||||
ports:
|
||||
- name: postgres
|
||||
containerPort: 5432
|
||||
protocol: TCP
|
||||
env:
|
||||
- name: POSTGRES_USER
|
||||
value: langfuse
|
||||
- name: POSTGRES_DB
|
||||
value: langfuse
|
||||
- name: POSTGRES_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "openclaw.fullname" . }}-langfuse-secret
|
||||
key: postgres-password
|
||||
optional: true
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
- pg_isready
|
||||
- -U
|
||||
- langfuse
|
||||
- -d
|
||||
- langfuse
|
||||
initialDelaySeconds: 60
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 3
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
- pg_isready
|
||||
- -U
|
||||
- langfuse
|
||||
- -d
|
||||
- langfuse
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 3
|
||||
failureThreshold: 3
|
||||
resources:
|
||||
{{- toYaml .Values.langfuse.resources | nindent 12 }}
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /var/lib/postgresql/data
|
||||
subPath: langfuse-postgres
|
||||
{{- if .Values.langfuse.postgresql.persistence.enabled }}
|
||||
volumeClaimTemplates:
|
||||
- metadata:
|
||||
name: data
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
{{- if .Values.langfuse.postgresql.persistence.storageClass }}
|
||||
storageClassName: {{ .Values.langfuse.postgresql.persistence.storageClass }}
|
||||
{{- end }}
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ .Values.langfuse.postgresql.persistence.size }}
|
||||
{{- else }}
|
||||
volumes:
|
||||
- name: data
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,17 @@
|
||||
{{- if .Values.langfuse.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "openclaw.fullname" . }}-langfuse
|
||||
labels:
|
||||
{{- include "openclaw.langfuse.labels" . | nindent 4 }}
|
||||
spec:
|
||||
type: {{ .Values.langfuse.service.type }}
|
||||
ports:
|
||||
- port: {{ .Values.langfuse.service.port }}
|
||||
targetPort: http
|
||||
protocol: TCP
|
||||
name: http
|
||||
selector:
|
||||
{{- include "openclaw.langfuse.selectorLabels" . | nindent 4 }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,169 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ include "openclaw.fullname" . }}-litellm-config
|
||||
labels:
|
||||
{{- include "openclaw.litellm.labels" . | nindent 4 }}
|
||||
data:
|
||||
litellm_config.yaml: |
|
||||
model_list:
|
||||
# OpenClaw Gateway Agent Models (A2A Protocol)
|
||||
- model_name: agent/steward
|
||||
litellm_params:
|
||||
model: openclaw/steward
|
||||
a2a_enabled: true
|
||||
model_info:
|
||||
id: agent/steward
|
||||
mode: chat
|
||||
|
||||
- model_name: agent/alpha
|
||||
litellm_params:
|
||||
model: openclaw/alpha
|
||||
a2a_enabled: true
|
||||
model_info:
|
||||
id: agent/alpha
|
||||
mode: chat
|
||||
|
||||
- model_name: agent/beta
|
||||
litellm_params:
|
||||
model: openclaw/beta
|
||||
a2a_enabled: true
|
||||
model_info:
|
||||
id: agent/beta
|
||||
mode: chat
|
||||
|
||||
- model_name: agent/charlie
|
||||
litellm_params:
|
||||
model: openclaw/charlie
|
||||
a2a_enabled: true
|
||||
model_info:
|
||||
id: agent/charlie
|
||||
mode: chat
|
||||
|
||||
- model_name: agent/examiner
|
||||
litellm_params:
|
||||
model: openclaw/examiner
|
||||
a2a_enabled: true
|
||||
model_info:
|
||||
id: agent/examiner
|
||||
mode: chat
|
||||
|
||||
- model_name: agent/explorer
|
||||
litellm_params:
|
||||
model: openclaw/explorer
|
||||
a2a_enabled: true
|
||||
model_info:
|
||||
id: agent/explorer
|
||||
mode: chat
|
||||
|
||||
- model_name: agent/sentinel
|
||||
litellm_params:
|
||||
model: openclaw/sentinel
|
||||
a2a_enabled: true
|
||||
model_info:
|
||||
id: agent/sentinel
|
||||
mode: chat
|
||||
|
||||
- model_name: agent/coder
|
||||
litellm_params:
|
||||
model: openclaw/coder
|
||||
a2a_enabled: true
|
||||
model_info:
|
||||
id: agent/coder
|
||||
mode: chat
|
||||
|
||||
- model_name: agent/dreamer
|
||||
litellm_params:
|
||||
model: openclaw/dreamer
|
||||
a2a_enabled: true
|
||||
model_info:
|
||||
id: agent/dreamer
|
||||
mode: chat
|
||||
|
||||
- model_name: agent/empath
|
||||
litellm_params:
|
||||
model: openclaw/empath
|
||||
a2a_enabled: true
|
||||
model_info:
|
||||
id: agent/empath
|
||||
mode: chat
|
||||
|
||||
- model_name: agent/historian
|
||||
litellm_params:
|
||||
model: openclaw/historian
|
||||
a2a_enabled: true
|
||||
model_info:
|
||||
id: agent/historian
|
||||
mode: chat
|
||||
|
||||
# Primary Provider - MiniMax
|
||||
- model_name: minimax-main
|
||||
litellm_params:
|
||||
model: minimax/minimax-abab6.5
|
||||
api_key: os.environ/MINIMAX_API_KEY
|
||||
api_base: {{ .Values.litellm.config.minimaxApiBase | default "https://api.minimaxi.chat/v1" | quote }}
|
||||
model_info:
|
||||
id: minimax-main
|
||||
mode: chat
|
||||
|
||||
# Failover Provider - z.ai
|
||||
- model_name: zai-failover
|
||||
litellm_params:
|
||||
model: zai/glm-4-flash
|
||||
api_key: os.environ/ZAI_API_KEY
|
||||
api_base: {{ .Values.litellm.config.zaiApiBase | default "https://api.z.ai/api/coding/paas/v4" | quote }}
|
||||
model_info:
|
||||
id: zai-failover
|
||||
mode: chat
|
||||
|
||||
# Ollama Local Models (when enabled)
|
||||
{{- if .Values.ollama.enabled }}
|
||||
- model_name: ollama-local
|
||||
litellm_params:
|
||||
model: ollama/llama3.1
|
||||
api_base: http://{{ include "openclaw.fullname" . }}-ollama:11434
|
||||
model_info:
|
||||
id: ollama-local
|
||||
mode: chat
|
||||
|
||||
- model_name: ollama-embedding
|
||||
litellm_params:
|
||||
model: ollama/nomic-embed-text-v2-moe
|
||||
api_base: http://{{ include "openclaw.fullname" . }}-ollama:11434
|
||||
model_info:
|
||||
id: ollama-embedding
|
||||
mode: embedding
|
||||
{{- end }}
|
||||
|
||||
# Router configuration for failover
|
||||
router_settings:
|
||||
routing_strategy: simple-shuffle
|
||||
set_verbose: false
|
||||
num_retries: 3
|
||||
timeout: 30
|
||||
fallbacks:
|
||||
- minimax-main: [zai-failover]
|
||||
|
||||
# General settings
|
||||
general_settings:
|
||||
master_key: os.environ/LITELLM_MASTER_KEY
|
||||
store_model_in_db: true
|
||||
drop_params: true
|
||||
completion_callback:
|
||||
- langfuse
|
||||
|
||||
# Logging configuration
|
||||
logging:
|
||||
version: 1
|
||||
disable_existing_loggers: false
|
||||
formatters:
|
||||
default:
|
||||
format: '%(asctime)s - %(name)s - %(levelname)s - %(message)s'
|
||||
handlers:
|
||||
console:
|
||||
class: logging.StreamHandler
|
||||
formatter: default
|
||||
level: {{ .Values.litellm.config.logLevel | upper }}
|
||||
root:
|
||||
level: {{ .Values.litellm.config.logLevel | upper }}
|
||||
handlers: [console]
|
||||
@@ -0,0 +1,134 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ include "openclaw.fullname" . }}-litellm
|
||||
labels:
|
||||
{{- include "openclaw.litellm.labels" . | nindent 4 }}
|
||||
spec:
|
||||
replicas: {{ .Values.litellm.replicaCount }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "openclaw.litellm.selectorLabels" . | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
checksum/config: {{ include (print $.Template.BasePath "/litellm-configmap.yaml") . | sha256sum }}
|
||||
labels:
|
||||
{{- include "openclaw.litellm.selectorLabels" . | nindent 8 }}
|
||||
spec:
|
||||
{{- with .Values.litellm.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ include "openclaw.serviceAccountName" . }}
|
||||
containers:
|
||||
- name: litellm
|
||||
image: "{{ .Values.litellm.image.repository }}:{{ .Values.litellm.image.tag }}"
|
||||
imagePullPolicy: {{ .Values.litellm.image.pullPolicy }}
|
||||
args:
|
||||
- --config
|
||||
- /app/config.yaml
|
||||
- --port
|
||||
- "4000"
|
||||
- --num_workers
|
||||
- "4"
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 4000
|
||||
protocol: TCP
|
||||
env:
|
||||
- name: DATABASE_URL
|
||||
value: postgresql://{{ .Values.postgresql.auth.username }}:$(POSTGRES_PASSWORD)@{{ include "openclaw.fullname" . }}-postgresql:5432/{{ .Values.postgresql.auth.database }}
|
||||
- name: REDIS_URL
|
||||
value: redis://{{ include "openclaw.fullname" . }}-redis:6379/0
|
||||
- name: REDIS_HOST
|
||||
value: {{ include "openclaw.fullname" . }}-redis
|
||||
- name: REDIS_PORT
|
||||
value: "6379"
|
||||
- name: AGENT_MODE_ENABLED
|
||||
value: "true"
|
||||
- name: AGENT_A2A_VERSION
|
||||
value: "1.0"
|
||||
- name: STORE_MODEL_IN_DB
|
||||
value: "True"
|
||||
- name: LITELLM_DROP_PARAMS
|
||||
value: "True"
|
||||
- name: LITELLM_COST_TRACKING_ENABLED
|
||||
value: {{ .Values.litellm.config.costTrackingEnabled | quote }}
|
||||
- name: LITELLM_METRICS_ENABLED
|
||||
value: {{ .Values.litellm.config.metricsEnabled | quote }}
|
||||
- name: LITELLM_LOG_LEVEL
|
||||
value: {{ .Values.litellm.config.logLevel }}
|
||||
{{- if .Values.langfuse.enabled }}
|
||||
- name: LANGFUSE_ENABLED
|
||||
value: "true"
|
||||
- name: LANGFUSE_HOST
|
||||
value: http://{{ include "openclaw.fullname" . }}-langfuse:3000
|
||||
{{- end }}
|
||||
{{- if .Values.externalSecrets.enabled }}
|
||||
- name: LITELLM_MASTER_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "openclaw.fullname" . }}-external-secret
|
||||
key: litellm-master-key
|
||||
- name: POSTGRES_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "openclaw.fullname" . }}-external-secret
|
||||
key: postgres-password
|
||||
{{- else }}
|
||||
- name: LITELLM_MASTER_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "openclaw.fullname" . }}-secrets
|
||||
key: litellm-master-key
|
||||
optional: true
|
||||
- name: POSTGRES_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "openclaw.fullname" . }}-secrets
|
||||
key: postgres-password
|
||||
optional: true
|
||||
{{- end }}
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: {{ include "openclaw.fullname" . }}-secrets
|
||||
optional: true
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /health/liveliness
|
||||
port: http
|
||||
initialDelaySeconds: 60
|
||||
periodSeconds: 30
|
||||
timeoutSeconds: 10
|
||||
failureThreshold: 3
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /health/readiness
|
||||
port: http
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 3
|
||||
resources:
|
||||
{{- toYaml .Values.litellm.resources | nindent 12 }}
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: /app/config.yaml
|
||||
subPath: litellm_config.yaml
|
||||
volumes:
|
||||
- name: config
|
||||
configMap:
|
||||
name: {{ include "openclaw.fullname" . }}-litellm-config
|
||||
{{- with .Values.litellm.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.litellm.affinity }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.litellm.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,15 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "openclaw.fullname" . }}-litellm
|
||||
labels:
|
||||
{{- include "openclaw.litellm.labels" . | nindent 4 }}
|
||||
spec:
|
||||
type: {{ .Values.litellm.service.type }}
|
||||
ports:
|
||||
- port: {{ .Values.litellm.service.port }}
|
||||
targetPort: http
|
||||
protocol: TCP
|
||||
name: http
|
||||
selector:
|
||||
{{- include "openclaw.litellm.selectorLabels" . | nindent 4 }}
|
||||
@@ -0,0 +1,21 @@
|
||||
{{- if .Values.neo4j.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "openclaw.fullname" . }}-neo4j
|
||||
labels:
|
||||
{{- include "openclaw.neo4j.labels" . | nindent 4 }}
|
||||
spec:
|
||||
type: {{ .Values.neo4j.service.type }}
|
||||
ports:
|
||||
- port: {{ .Values.neo4j.service.httpPort }}
|
||||
targetPort: http
|
||||
protocol: TCP
|
||||
name: http
|
||||
- port: {{ .Values.neo4j.service.boltPort }}
|
||||
targetPort: bolt
|
||||
protocol: TCP
|
||||
name: bolt
|
||||
selector:
|
||||
{{- include "openclaw.neo4j.selectorLabels" . | nindent 4 }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,101 @@
|
||||
{{- if .Values.neo4j.enabled }}
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: {{ include "openclaw.fullname" . }}-neo4j
|
||||
labels:
|
||||
{{- include "openclaw.neo4j.labels" . | nindent 4 }}
|
||||
spec:
|
||||
serviceName: {{ include "openclaw.fullname" . }}-neo4j
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "openclaw.neo4j.selectorLabels" . | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "openclaw.neo4j.selectorLabels" . | nindent 8 }}
|
||||
spec:
|
||||
{{- with .Values.neo4j.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ include "openclaw.serviceAccountName" . }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.neo4j.podSecurityContext | nindent 8 }}
|
||||
containers:
|
||||
- name: neo4j
|
||||
image: "{{ .Values.neo4j.image.repository }}:{{ .Values.neo4j.image.tag }}"
|
||||
imagePullPolicy: {{ .Values.neo4j.image.pullPolicy }}
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 7474
|
||||
protocol: TCP
|
||||
- name: bolt
|
||||
containerPort: 7687
|
||||
protocol: TCP
|
||||
env:
|
||||
- name: NEO4J_AUTH
|
||||
{{- if .Values.externalSecrets.enabled }}
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "openclaw.fullname" . }}-external-secret
|
||||
key: neo4j-password
|
||||
{{- else }}
|
||||
value: "neo4j/{{ .Values.neo4j.auth.password | default (randAlphaNum 16) }}"
|
||||
{{- end }}
|
||||
- name: NEO4J_PLUGINS
|
||||
value: '["apoc"]'
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /health
|
||||
port: http
|
||||
initialDelaySeconds: 120
|
||||
periodSeconds: 30
|
||||
timeoutSeconds: 10
|
||||
failureThreshold: 3
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /health
|
||||
port: http
|
||||
initialDelaySeconds: 60
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 3
|
||||
resources:
|
||||
{{- toYaml .Values.neo4j.resources | nindent 12 }}
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /data
|
||||
subPath: neo4j
|
||||
{{- with .Values.neo4j.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.neo4j.affinity }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.neo4j.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.neo4j.persistence.enabled }}
|
||||
volumeClaimTemplates:
|
||||
- metadata:
|
||||
name: data
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
{{- if .Values.neo4j.persistence.storageClass }}
|
||||
storageClassName: {{ .Values.neo4j.persistence.storageClass }}
|
||||
{{- end }}
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ .Values.neo4j.persistence.size }}
|
||||
{{- else }}
|
||||
volumes:
|
||||
- name: data
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,343 @@
|
||||
{{- if .Values.networkPolicy.enabled }}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: {{ include "openclaw.fullname" . }}-default-deny
|
||||
labels:
|
||||
{{- include "openclaw.labels" . | nindent 4 }}
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
{{- include "openclaw.selectorLabels" . | nindent 6 }}
|
||||
policyTypes:
|
||||
- Ingress
|
||||
- Egress
|
||||
---
|
||||
# Gateway Network Policy
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: {{ include "openclaw.fullname" . }}-gateway-policy
|
||||
labels:
|
||||
{{- include "openclaw.gateway.labels" . | nindent 4 }}
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
{{- include "openclaw.gateway.selectorLabels" . | nindent 6 }}
|
||||
policyTypes:
|
||||
- Ingress
|
||||
- Egress
|
||||
ingress:
|
||||
# Allow ingress from LiteLLM
|
||||
- from:
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
{{- include "openclaw.litellm.selectorLabels" . | nindent 14 }}
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 18789
|
||||
# Allow ingress from external (ingress controller or load balancer)
|
||||
- from:
|
||||
- namespaceSelector: {}
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 18789
|
||||
egress:
|
||||
# Allow egress to LiteLLM
|
||||
- to:
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
{{- include "openclaw.litellm.selectorLabels" . | nindent 14 }}
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 4000
|
||||
# Allow egress to PostgreSQL
|
||||
- to:
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
{{- include "openclaw.postgresql.selectorLabels" . | nindent 14 }}
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 5432
|
||||
# Allow egress to Redis
|
||||
- to:
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
{{- include "openclaw.redis.selectorLabels" . | nindent 14 }}
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 6379
|
||||
# Allow egress to Neo4j
|
||||
- to:
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
{{- include "openclaw.neo4j.selectorLabels" . | nindent 14 }}
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 7687
|
||||
# Allow egress to Langfuse
|
||||
{{- if .Values.langfuse.enabled }}
|
||||
- to:
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
{{- include "openclaw.langfuse.selectorLabels" . | nindent 14 }}
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 3000
|
||||
{{- end }}
|
||||
# Allow DNS
|
||||
- to:
|
||||
- namespaceSelector: {}
|
||||
podSelector:
|
||||
matchLabels:
|
||||
k8s-app: kube-dns
|
||||
ports:
|
||||
- protocol: UDP
|
||||
port: 53
|
||||
---
|
||||
# LiteLLM Network Policy
|
||||
{{- if .Values.litellm.enabled }}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: {{ include "openclaw.fullname" . }}-litellm-policy
|
||||
labels:
|
||||
{{- include "openclaw.litellm.labels" . | nindent 4 }}
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
{{- include "openclaw.litellm.selectorLabels" . | nindent 6 }}
|
||||
policyTypes:
|
||||
- Ingress
|
||||
- Egress
|
||||
ingress:
|
||||
# Allow ingress from Gateway
|
||||
- from:
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
{{- include "openclaw.gateway.selectorLabels" . | nindent 14 }}
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 4000
|
||||
# Allow ingress from external (for direct API access)
|
||||
- from:
|
||||
- namespaceSelector: {}
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 4000
|
||||
egress:
|
||||
# Allow egress to PostgreSQL
|
||||
- to:
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
{{- include "openclaw.postgresql.selectorLabels" . | nindent 14 }}
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 5432
|
||||
# Allow egress to Redis
|
||||
- to:
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
{{- include "openclaw.redis.selectorLabels" . | nindent 14 }}
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 6379
|
||||
# Allow egress to Ollama (if enabled)
|
||||
{{- if .Values.ollama.enabled }}
|
||||
- to:
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
{{- include "openclaw.ollama.selectorLabels" . | nindent 14 }}
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 11434
|
||||
{{- end }}
|
||||
# Allow egress to external providers (MiniMax, z.ai, etc.)
|
||||
- to:
|
||||
- namespaceSelector: {}
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 443
|
||||
- protocol: TCP
|
||||
port: 80
|
||||
# Allow DNS
|
||||
- to:
|
||||
- namespaceSelector: {}
|
||||
podSelector:
|
||||
matchLabels:
|
||||
k8s-app: kube-dns
|
||||
ports:
|
||||
- protocol: UDP
|
||||
port: 53
|
||||
{{- end }}
|
||||
---
|
||||
# PostgreSQL Network Policy
|
||||
{{- if .Values.postgresql.enabled }}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: {{ include "openclaw.fullname" . }}-postgresql-policy
|
||||
labels:
|
||||
{{- include "openclaw.postgresql.labels" . | nindent 4 }}
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
{{- include "openclaw.postgresql.selectorLabels" . | nindent 6 }}
|
||||
policyTypes:
|
||||
- Ingress
|
||||
- Egress
|
||||
ingress:
|
||||
# Allow ingress from Gateway and LiteLLM
|
||||
- from:
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
{{- include "openclaw.gateway.selectorLabels" . | nindent 14 }}
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
{{- include "openclaw.litellm.selectorLabels" . | nindent 14 }}
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 5432
|
||||
egress:
|
||||
# Allow DNS
|
||||
- to:
|
||||
- namespaceSelector: {}
|
||||
podSelector:
|
||||
matchLabels:
|
||||
k8s-app: kube-dns
|
||||
ports:
|
||||
- protocol: UDP
|
||||
port: 53
|
||||
{{- end }}
|
||||
---
|
||||
# Redis Network Policy
|
||||
{{- if .Values.redis.enabled }}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: {{ include "openclaw.fullname" . }}-redis-policy
|
||||
labels:
|
||||
{{- include "openclaw.redis.labels" . | nindent 4 }}
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
{{- include "openclaw.redis.selectorLabels" . | nindent 6 }}
|
||||
policyTypes:
|
||||
- Ingress
|
||||
- Egress
|
||||
ingress:
|
||||
# Allow ingress from Gateway and LiteLLM
|
||||
- from:
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
{{- include "openclaw.gateway.selectorLabels" . | nindent 14 }}
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
{{- include "openclaw.litellm.selectorLabels" . | nindent 14 }}
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 6379
|
||||
egress:
|
||||
# Allow DNS
|
||||
- to:
|
||||
- namespaceSelector: {}
|
||||
podSelector:
|
||||
matchLabels:
|
||||
k8s-app: kube-dns
|
||||
ports:
|
||||
- protocol: UDP
|
||||
port: 53
|
||||
{{- end }}
|
||||
---
|
||||
# Neo4j Network Policy
|
||||
{{- if .Values.neo4j.enabled }}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: {{ include "openclaw.fullname" . }}-neo4j-policy
|
||||
labels:
|
||||
{{- include "openclaw.neo4j.labels" . | nindent 4 }}
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
{{- include "openclaw.neo4j.selectorLabels" . | nindent 6 }}
|
||||
policyTypes:
|
||||
- Ingress
|
||||
- Egress
|
||||
ingress:
|
||||
# Allow ingress from Gateway
|
||||
- from:
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
{{- include "openclaw.gateway.selectorLabels" . | nindent 14 }}
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 7687
|
||||
- protocol: TCP
|
||||
port: 7474
|
||||
egress:
|
||||
# Allow DNS
|
||||
- to:
|
||||
- namespaceSelector: {}
|
||||
podSelector:
|
||||
matchLabels:
|
||||
k8s-app: kube-dns
|
||||
ports:
|
||||
- protocol: UDP
|
||||
port: 53
|
||||
{{- end }}
|
||||
---
|
||||
# Langfuse Network Policy
|
||||
{{- if .Values.langfuse.enabled }}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: {{ include "openclaw.fullname" . }}-langfuse-policy
|
||||
labels:
|
||||
{{- include "openclaw.langfuse.labels" . | nindent 4 }}
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
{{- include "openclaw.langfuse.selectorLabels" . | nindent 6 }}
|
||||
policyTypes:
|
||||
- Ingress
|
||||
- Egress
|
||||
ingress:
|
||||
# Allow ingress from Gateway and LiteLLM
|
||||
- from:
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
{{- include "openclaw.gateway.selectorLabels" . | nindent 14 }}
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
{{- include "openclaw.litellm.selectorLabels" . | nindent 14 }}
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 3000
|
||||
# Allow ingress from external (for dashboard access)
|
||||
- from:
|
||||
- namespaceSelector: {}
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 3000
|
||||
egress:
|
||||
# Allow egress to Langfuse PostgreSQL
|
||||
- to:
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
{{- include "openclaw.langfuse.selectorLabels" . | nindent 14 }}
|
||||
app.kubernetes.io/component: langfuse-postgres
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 5432
|
||||
# Allow DNS
|
||||
- to:
|
||||
- namespaceSelector: {}
|
||||
podSelector:
|
||||
matchLabels:
|
||||
k8s-app: kube-dns
|
||||
ports:
|
||||
- protocol: UDP
|
||||
port: 53
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,17 @@
|
||||
{{- if .Values.ollama.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "openclaw.fullname" . }}-ollama
|
||||
labels:
|
||||
{{- include "openclaw.ollama.labels" . | nindent 4 }}
|
||||
spec:
|
||||
type: {{ .Values.ollama.service.type }}
|
||||
ports:
|
||||
- port: {{ .Values.ollama.service.port }}
|
||||
targetPort: http
|
||||
protocol: TCP
|
||||
name: http
|
||||
selector:
|
||||
{{- include "openclaw.ollama.selectorLabels" . | nindent 4 }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,98 @@
|
||||
{{- if .Values.ollama.enabled }}
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: {{ include "openclaw.fullname" . }}-ollama
|
||||
labels:
|
||||
{{- include "openclaw.ollama.labels" . | nindent 4 }}
|
||||
spec:
|
||||
serviceName: {{ include "openclaw.fullname" . }}-ollama
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "openclaw.ollama.selectorLabels" . | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "openclaw.ollama.selectorLabels" . | nindent 8 }}
|
||||
spec:
|
||||
{{- with .Values.ollama.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ include "openclaw.serviceAccountName" . }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.ollama.podSecurityContext | nindent 8 }}
|
||||
containers:
|
||||
- name: ollama
|
||||
image: "{{ .Values.ollama.image.repository }}:{{ .Values.ollama.image.tag }}"
|
||||
imagePullPolicy: {{ .Values.ollama.image.pullPolicy }}
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 11434
|
||||
protocol: TCP
|
||||
env:
|
||||
- name: OLLAMA_HOST
|
||||
value: "0.0.0.0"
|
||||
{{- if eq .Values.ollama.gpu.type "amd" }}
|
||||
- name: HSA_OVERRIDE_GFX_VERSION
|
||||
value: "10.3.0"
|
||||
{{- end }}
|
||||
resources:
|
||||
{{- toYaml .Values.ollama.resources | nindent 12 }}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: http
|
||||
initialDelaySeconds: 60
|
||||
periodSeconds: 30
|
||||
timeoutSeconds: 10
|
||||
failureThreshold: 3
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: http
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 3
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /root/.ollama
|
||||
subPath: ollama
|
||||
{{- if .Values.ollama.gpu.enabled }}
|
||||
{{- if eq .Values.ollama.gpu.type "nvidia" }}
|
||||
runtimeClassName: nvidia
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with .Values.ollama.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.ollama.affinity }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.ollama.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.ollama.persistence.enabled }}
|
||||
volumeClaimTemplates:
|
||||
- metadata:
|
||||
name: data
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
{{- if .Values.ollama.persistence.storageClass }}
|
||||
storageClassName: {{ .Values.ollama.persistence.storageClass }}
|
||||
{{- end }}
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ .Values.ollama.persistence.size }}
|
||||
{{- else }}
|
||||
volumes:
|
||||
- name: data
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,37 @@
|
||||
{{- if .Values.podDisruptionBudget.enabled }}
|
||||
apiVersion: policy/v1
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: {{ include "openclaw.fullname" . }}-gateway
|
||||
labels:
|
||||
{{- include "openclaw.gateway.labels" . | nindent 4 }}
|
||||
spec:
|
||||
{{- if .Values.podDisruptionBudget.minAvailable }}
|
||||
minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
|
||||
{{- end }}
|
||||
{{- if .Values.podDisruptionBudget.maxUnavailable }}
|
||||
maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
|
||||
{{- end }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "openclaw.gateway.selectorLabels" . | nindent 6 }}
|
||||
{{- end }}
|
||||
---
|
||||
{{- if and .Values.podDisruptionBudget.enabled .Values.litellm.enabled }}
|
||||
apiVersion: policy/v1
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: {{ include "openclaw.fullname" . }}-litellm
|
||||
labels:
|
||||
{{- include "openclaw.litellm.labels" . | nindent 4 }}
|
||||
spec:
|
||||
{{- if .Values.podDisruptionBudget.minAvailable }}
|
||||
minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
|
||||
{{- end }}
|
||||
{{- if .Values.podDisruptionBudget.maxUnavailable }}
|
||||
maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
|
||||
{{- end }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "openclaw.litellm.selectorLabels" . | nindent 6 }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,17 @@
|
||||
{{- if .Values.postgresql.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "openclaw.fullname" . }}-postgresql
|
||||
labels:
|
||||
{{- include "openclaw.postgresql.labels" . | nindent 4 }}
|
||||
spec:
|
||||
type: {{ .Values.postgresql.service.type }}
|
||||
ports:
|
||||
- port: {{ .Values.postgresql.service.port }}
|
||||
targetPort: postgres
|
||||
protocol: TCP
|
||||
name: postgres
|
||||
selector:
|
||||
{{- include "openclaw.postgresql.selectorLabels" . | nindent 4 }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,113 @@
|
||||
{{- if .Values.postgresql.enabled }}
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: {{ include "openclaw.fullname" . }}-postgresql
|
||||
labels:
|
||||
{{- include "openclaw.postgresql.labels" . | nindent 4 }}
|
||||
spec:
|
||||
serviceName: {{ include "openclaw.fullname" . }}-postgresql
|
||||
replicas: {{ .Values.postgresql.replicaCount }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "openclaw.postgresql.selectorLabels" . | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "openclaw.postgresql.selectorLabels" . | nindent 8 }}
|
||||
spec:
|
||||
{{- with .Values.postgresql.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ include "openclaw.serviceAccountName" . }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.postgresql.podSecurityContext | nindent 8 }}
|
||||
containers:
|
||||
- name: postgresql
|
||||
image: "{{ .Values.postgresql.image.repository }}:{{ .Values.postgresql.image.tag }}"
|
||||
imagePullPolicy: {{ .Values.postgresql.image.pullPolicy }}
|
||||
ports:
|
||||
- name: postgres
|
||||
containerPort: 5432
|
||||
protocol: TCP
|
||||
env:
|
||||
- name: POSTGRES_USER
|
||||
value: {{ .Values.postgresql.auth.username | quote }}
|
||||
- name: POSTGRES_DB
|
||||
value: {{ .Values.postgresql.auth.database | quote }}
|
||||
{{- if .Values.externalSecrets.enabled }}
|
||||
- name: POSTGRES_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "openclaw.fullname" . }}-external-secret
|
||||
key: postgres-password
|
||||
{{- else }}
|
||||
- name: POSTGRES_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "openclaw.fullname" . }}-secrets
|
||||
key: postgres-password
|
||||
optional: true
|
||||
{{- end }}
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
- pg_isready
|
||||
- -U
|
||||
- {{ .Values.postgresql.auth.username }}
|
||||
- -d
|
||||
- {{ .Values.postgresql.auth.database }}
|
||||
initialDelaySeconds: 60
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 3
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
- pg_isready
|
||||
- -U
|
||||
- {{ .Values.postgresql.auth.username }}
|
||||
- -d
|
||||
- {{ .Values.postgresql.auth.database }}
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 3
|
||||
failureThreshold: 3
|
||||
resources:
|
||||
{{- toYaml .Values.postgresql.resources | nindent 12 }}
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /var/lib/postgresql/data
|
||||
subPath: postgresql
|
||||
{{- with .Values.postgresql.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.postgresql.affinity }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.postgresql.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.postgresql.persistence.enabled }}
|
||||
volumeClaimTemplates:
|
||||
- metadata:
|
||||
name: data
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
{{- if .Values.postgresql.persistence.storageClass }}
|
||||
storageClassName: {{ .Values.postgresql.persistence.storageClass }}
|
||||
{{- end }}
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ .Values.postgresql.persistence.size }}
|
||||
{{- else }}
|
||||
volumes:
|
||||
- name: data
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,17 @@
|
||||
{{- if .Values.redis.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "openclaw.fullname" . }}-redis
|
||||
labels:
|
||||
{{- include "openclaw.redis.labels" . | nindent 4 }}
|
||||
spec:
|
||||
type: {{ .Values.redis.service.type }}
|
||||
ports:
|
||||
- port: {{ .Values.redis.service.port }}
|
||||
targetPort: redis
|
||||
protocol: TCP
|
||||
name: redis
|
||||
selector:
|
||||
{{- include "openclaw.redis.selectorLabels" . | nindent 4 }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,98 @@
|
||||
{{- if .Values.redis.enabled }}
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: {{ include "openclaw.fullname" . }}-redis
|
||||
labels:
|
||||
{{- include "openclaw.redis.labels" . | nindent 4 }}
|
||||
spec:
|
||||
serviceName: {{ include "openclaw.fullname" . }}-redis
|
||||
replicas: {{ .Values.redis.replicaCount }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "openclaw.redis.selectorLabels" . | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "openclaw.redis.selectorLabels" . | nindent 8 }}
|
||||
spec:
|
||||
{{- with .Values.redis.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ include "openclaw.serviceAccountName" . }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.redis.podSecurityContext | nindent 8 }}
|
||||
containers:
|
||||
- name: redis
|
||||
image: "{{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}"
|
||||
imagePullPolicy: {{ .Values.redis.image.pullPolicy }}
|
||||
command:
|
||||
- redis-server
|
||||
- --appendonly
|
||||
- "yes"
|
||||
- --maxmemory
|
||||
- "256mb"
|
||||
- --maxmemory-policy
|
||||
- "allkeys-lru"
|
||||
- --tcp-keepalive
|
||||
- "60"
|
||||
ports:
|
||||
- name: redis
|
||||
containerPort: 6379
|
||||
protocol: TCP
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
- redis-cli
|
||||
- ping
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 3
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
- redis-cli
|
||||
- ping
|
||||
initialDelaySeconds: 10
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 3
|
||||
failureThreshold: 3
|
||||
resources:
|
||||
{{- toYaml .Values.redis.resources | nindent 12 }}
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /data
|
||||
subPath: redis
|
||||
{{- with .Values.redis.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.redis.affinity }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.redis.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.redis.persistence.enabled }}
|
||||
volumeClaimTemplates:
|
||||
- metadata:
|
||||
name: data
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
{{- if .Values.redis.persistence.storageClass }}
|
||||
storageClassName: {{ .Values.redis.persistence.storageClass }}
|
||||
{{- end }}
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ .Values.redis.persistence.size }}
|
||||
{{- else }}
|
||||
volumes:
|
||||
- name: data
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,61 @@
|
||||
{{- if not .Values.externalSecrets.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ include "openclaw.fullname" . }}-secrets
|
||||
labels:
|
||||
{{- include "openclaw.labels" . | nindent 4 }}
|
||||
type: Opaque
|
||||
stringData:
|
||||
{{- if .Values.litellm.config.masterKey }}
|
||||
litellm-master-key: {{ .Values.litellm.config.masterKey | quote }}
|
||||
{{- else }}
|
||||
litellm-master-key: {{ randAlphaNum 32 | quote }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.postgresql.auth.password }}
|
||||
postgres-password: {{ .Values.postgresql.auth.password | quote }}
|
||||
{{- else }}
|
||||
postgres-password: {{ randAlphaNum 16 | quote }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.redis.password }}
|
||||
redis-password: {{ .Values.redis.password | quote }}
|
||||
{{- else }}
|
||||
redis-password: {{ randAlphaNum 16 | quote }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.neo4j.auth.password }}
|
||||
neo4j-password: {{ .Values.neo4j.auth.password | quote }}
|
||||
{{- else }}
|
||||
neo4j-password: {{ randAlphaNum 16 | quote }}
|
||||
{{- end }}
|
||||
|
||||
# Provider API Keys (configure via values or external secrets)
|
||||
minimax-api-key: {{ .Values.secrets.minimaxApiKey | default "" | quote }}
|
||||
zai-api-key: {{ .Values.secrets.zaiApiKey | default "" | quote }}
|
||||
{{- end }}
|
||||
---
|
||||
{{- if .Values.langfuse.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ include "openclaw.fullname" . }}-langfuse-secret
|
||||
labels:
|
||||
{{- include "openclaw.langfuse.labels" . | nindent 4 }}
|
||||
type: Opaque
|
||||
stringData:
|
||||
{{- if .Values.langfuse.config.salt }}
|
||||
salt: {{ .Values.langfuse.config.salt | quote }}
|
||||
{{- else }}
|
||||
salt: {{ randAlphaNum 32 | quote }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.langfuse.config.nextAuthSecret }}
|
||||
nextauth-secret: {{ .Values.langfuse.config.nextAuthSecret | quote }}
|
||||
{{- else }}
|
||||
nextauth-secret: {{ randAlphaNum 32 | quote }}
|
||||
{{- end }}
|
||||
|
||||
postgres-password: {{ .Values.langfuse.postgresql.password | default (randAlphaNum 16) | quote }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,13 @@
|
||||
{{- if .Values.serviceAccount.create -}}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ include "openclaw.serviceAccountName" . }}
|
||||
labels:
|
||||
{{- include "openclaw.labels" . | nindent 4 }}
|
||||
{{- with .Values.serviceAccount.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,20 @@
|
||||
{{- if and .Values.monitoring.enabled .Values.monitoring.serviceMonitor.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ include "openclaw.fullname" . }}
|
||||
labels:
|
||||
{{- include "openclaw.labels" . | nindent 4 }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "openclaw.selectorLabels" . | nindent 6 }}
|
||||
endpoints:
|
||||
- port: http
|
||||
interval: {{ .Values.monitoring.serviceMonitor.interval }}
|
||||
scrapeTimeout: {{ .Values.monitoring.serviceMonitor.scrapeTimeout }}
|
||||
path: /metrics
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- {{ .Release.Namespace }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,413 @@
|
||||
# ==============================================================================
|
||||
# Heretek OpenClaw - Helm Chart Values
|
||||
# ==============================================================================
|
||||
# Default configuration for the OpenClaw AI Agent Collective
|
||||
# ==============================================================================
|
||||
|
||||
# -- Global settings
|
||||
global:
|
||||
# -- Deployment environment (development, staging, production)
|
||||
environment: development
|
||||
# -- Common labels applied to all resources
|
||||
labels:
|
||||
app.kubernetes.io/part-of: openclaw
|
||||
app.kubernetes.io/managed-by: helm
|
||||
|
||||
# ==============================================================================
|
||||
# OpenClaw Gateway Configuration
|
||||
# ==============================================================================
|
||||
gateway:
|
||||
# -- Number of gateway replicas
|
||||
replicaCount: 1
|
||||
# -- Gateway image configuration
|
||||
image:
|
||||
repository: heretek/openclaw-gateway
|
||||
tag: "2026.3.28"
|
||||
pullPolicy: IfNotPresent
|
||||
# -- Resource limits and requests
|
||||
resources:
|
||||
limits:
|
||||
cpu: 4000m
|
||||
memory: 8Gi
|
||||
requests:
|
||||
cpu: 2000m
|
||||
memory: 4Gi
|
||||
# -- Autoscaling configuration
|
||||
autoscaling:
|
||||
enabled: false
|
||||
minReplicas: 1
|
||||
maxReplicas: 5
|
||||
targetCPUUtilizationPercentage: 80
|
||||
targetMemoryUtilizationPercentage: 80
|
||||
# -- Service configuration
|
||||
service:
|
||||
type: ClusterIP
|
||||
port: 18789
|
||||
# -- Ingress configuration
|
||||
ingress:
|
||||
enabled: false
|
||||
className: nginx
|
||||
annotations: {}
|
||||
hosts:
|
||||
- host: openclaw.local
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
tls: []
|
||||
# -- Pod security context
|
||||
podSecurityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
fsGroup: 1000
|
||||
# -- Container security context
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
|
||||
# ==============================================================================
|
||||
# LiteLLM Gateway Configuration
|
||||
# ==============================================================================
|
||||
litellm:
|
||||
# -- Enable LiteLLM Gateway
|
||||
enabled: true
|
||||
# -- Number of replicas
|
||||
replicaCount: 1
|
||||
# -- LiteLLM image configuration
|
||||
image:
|
||||
repository: ghcr.io/berriai/litellm
|
||||
tag: main-latest
|
||||
pullPolicy: IfNotPresent
|
||||
# -- Resource limits and requests
|
||||
resources:
|
||||
limits:
|
||||
cpu: 2000m
|
||||
memory: 4Gi
|
||||
requests:
|
||||
cpu: 1000m
|
||||
memory: 2Gi
|
||||
# -- Service configuration
|
||||
service:
|
||||
type: ClusterIP
|
||||
port: 4000
|
||||
# -- LiteLLM configuration
|
||||
config:
|
||||
# -- Master key for LiteLLM API (use secrets in production)
|
||||
masterKey: null
|
||||
# -- Enable cost tracking
|
||||
costTrackingEnabled: true
|
||||
# -- Enable metrics
|
||||
metricsEnabled: true
|
||||
# -- Log level
|
||||
logLevel: INFO
|
||||
|
||||
# ==============================================================================
|
||||
# PostgreSQL with pgvector Configuration
|
||||
# ==============================================================================
|
||||
postgresql:
|
||||
# -- Enable PostgreSQL (set false if using external database)
|
||||
enabled: true
|
||||
# -- PostgreSQL image configuration
|
||||
image:
|
||||
repository: pgvector/pgvector
|
||||
tag: pg17
|
||||
pullPolicy: IfNotPresent
|
||||
# -- Number of replicas
|
||||
replicaCount: 1
|
||||
# -- Authentication
|
||||
auth:
|
||||
# -- PostgreSQL username
|
||||
username: heretek
|
||||
# -- PostgreSQL database name
|
||||
database: heretek
|
||||
# -- PostgreSQL password (use secrets in production)
|
||||
password: null
|
||||
# -- Existing secret name
|
||||
existingSecret: null
|
||||
# -- Secret key for password
|
||||
secretKey: postgres-password
|
||||
# -- Resource limits and requests
|
||||
resources:
|
||||
limits:
|
||||
cpu: 2000m
|
||||
memory: 4Gi
|
||||
requests:
|
||||
cpu: 1000m
|
||||
memory: 2Gi
|
||||
# -- Persistence configuration
|
||||
persistence:
|
||||
enabled: true
|
||||
size: 50Gi
|
||||
storageClass: null
|
||||
# -- Service configuration
|
||||
service:
|
||||
type: ClusterIP
|
||||
port: 5432
|
||||
|
||||
# ==============================================================================
|
||||
# Redis Configuration
|
||||
# ==============================================================================
|
||||
redis:
|
||||
# -- Enable Redis (set false if using external Redis)
|
||||
enabled: true
|
||||
# -- Redis image configuration
|
||||
image:
|
||||
repository: redis
|
||||
tag: 7-alpine
|
||||
pullPolicy: IfNotPresent
|
||||
# -- Number of replicas
|
||||
replicaCount: 1
|
||||
# -- Redis password (use secrets in production)
|
||||
password: null
|
||||
# -- Resource limits and requests
|
||||
resources:
|
||||
limits:
|
||||
cpu: 500m
|
||||
memory: 512Mi
|
||||
requests:
|
||||
cpu: 250m
|
||||
memory: 256Mi
|
||||
# -- Persistence configuration
|
||||
persistence:
|
||||
enabled: true
|
||||
size: 10Gi
|
||||
storageClass: null
|
||||
# -- Service configuration
|
||||
service:
|
||||
type: ClusterIP
|
||||
port: 6379
|
||||
|
||||
# ==============================================================================
|
||||
# Ollama Configuration (Local LLM)
|
||||
# ==============================================================================
|
||||
ollama:
|
||||
# -- Enable Ollama for local LLM inference
|
||||
enabled: false
|
||||
# -- Ollama image configuration (ROCm for AMD GPU)
|
||||
image:
|
||||
repository: ollama/ollama
|
||||
tag: rocm
|
||||
pullPolicy: IfNotPresent
|
||||
# -- GPU support configuration
|
||||
gpu:
|
||||
# -- Enable GPU acceleration
|
||||
enabled: false
|
||||
# -- GPU type (nvidia, amd)
|
||||
type: amd
|
||||
# -- Resource limits and requests
|
||||
resources:
|
||||
limits:
|
||||
cpu: 8000m
|
||||
memory: 16Gi
|
||||
# -- GPU resource (uncomment for GPU support)
|
||||
# nvidia.com/gpu: 1
|
||||
requests:
|
||||
cpu: 4000m
|
||||
memory: 8Gi
|
||||
# -- Persistence configuration
|
||||
persistence:
|
||||
enabled: true
|
||||
size: 100Gi
|
||||
storageClass: null
|
||||
# -- Service configuration
|
||||
service:
|
||||
type: ClusterIP
|
||||
port: 11434
|
||||
# -- Models to pull on startup
|
||||
models:
|
||||
- nomic-embed-text-v2-moe
|
||||
|
||||
# ==============================================================================
|
||||
# Neo4j Configuration (GraphRAG)
|
||||
# ==============================================================================
|
||||
neo4j:
|
||||
# -- Enable Neo4j for GraphRAG
|
||||
enabled: true
|
||||
# -- Neo4j image configuration
|
||||
image:
|
||||
repository: neo4j
|
||||
tag: 5.15
|
||||
pullPolicy: IfNotPresent
|
||||
# -- Authentication
|
||||
auth:
|
||||
# -- Neo4j username
|
||||
username: neo4j
|
||||
# -- Neo4j password (use secrets in production)
|
||||
password: null
|
||||
# -- Existing secret name
|
||||
existingSecret: null
|
||||
# -- Resource limits and requests
|
||||
resources:
|
||||
limits:
|
||||
cpu: 4000m
|
||||
memory: 8Gi
|
||||
requests:
|
||||
cpu: 2000m
|
||||
memory: 4Gi
|
||||
# -- Persistence configuration
|
||||
persistence:
|
||||
enabled: true
|
||||
size: 20Gi
|
||||
storageClass: null
|
||||
# -- Service configuration
|
||||
service:
|
||||
type: ClusterIP
|
||||
httpPort: 7474
|
||||
boltPort: 7687
|
||||
|
||||
# ==============================================================================
|
||||
# Langfuse Observability Configuration
|
||||
# ==============================================================================
|
||||
langfuse:
|
||||
# -- Enable Langfuse observability
|
||||
enabled: true
|
||||
# -- Langfuse image configuration
|
||||
image:
|
||||
repository: langfuse/langfuse
|
||||
tag: latest
|
||||
pullPolicy: IfNotPresent
|
||||
# -- Number of replicas
|
||||
replicaCount: 1
|
||||
# -- Resource limits and requests
|
||||
resources:
|
||||
limits:
|
||||
cpu: 1000m
|
||||
memory: 2Gi
|
||||
requests:
|
||||
cpu: 500m
|
||||
memory: 1Gi
|
||||
# -- Service configuration
|
||||
service:
|
||||
type: ClusterIP
|
||||
port: 3000
|
||||
# -- Ingress configuration
|
||||
ingress:
|
||||
enabled: false
|
||||
className: nginx
|
||||
annotations: {}
|
||||
hosts:
|
||||
- host: langfuse.local
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
# -- PostgreSQL for Langfuse (internal)
|
||||
postgresql:
|
||||
enabled: true
|
||||
image:
|
||||
repository: postgres
|
||||
tag: 15-alpine
|
||||
persistence:
|
||||
enabled: true
|
||||
size: 20Gi
|
||||
# -- Configuration
|
||||
config:
|
||||
# -- Salt for password hashing
|
||||
salt: null
|
||||
# -- NextAuth secret
|
||||
nextAuthSecret: null
|
||||
# -- Enable sign up
|
||||
signUpEnabled: true
|
||||
# -- Telemetry
|
||||
telemetryEnabled: false
|
||||
|
||||
# ==============================================================================
|
||||
# Network Policy Configuration
|
||||
# ==============================================================================
|
||||
networkPolicy:
|
||||
# -- Enable network policies
|
||||
enabled: true
|
||||
# -- Default policy (Allow or Deny)
|
||||
defaultPolicy: Deny
|
||||
# -- Allowed namespaces for cross-namespace communication
|
||||
allowedNamespaces: []
|
||||
# -- Allowed pod selectors for ingress
|
||||
ingressRules: []
|
||||
# -- Allowed pod selectors for egress
|
||||
egressRules: []
|
||||
|
||||
# ==============================================================================
|
||||
# Service Account Configuration
|
||||
# ==============================================================================
|
||||
serviceAccount:
|
||||
# -- Create service account
|
||||
create: true
|
||||
# -- Service account name
|
||||
name: openclaw
|
||||
# -- Annotations for service account
|
||||
annotations: {}
|
||||
# -- Auto-mount service account token
|
||||
automount: true
|
||||
|
||||
# ==============================================================================
|
||||
# Pod Disruption Budget Configuration
|
||||
# ==============================================================================
|
||||
podDisruptionBudget:
|
||||
# -- Enable PDB
|
||||
enabled: false
|
||||
# -- Minimum available pods
|
||||
minAvailable: 1
|
||||
# -- Maximum unavailable pods
|
||||
maxUnavailable: null
|
||||
|
||||
# ==============================================================================
|
||||
# Monitoring Configuration
|
||||
# ==============================================================================
|
||||
monitoring:
|
||||
# -- Enable Prometheus metrics
|
||||
enabled: true
|
||||
# -- ServiceMonitor configuration
|
||||
serviceMonitor:
|
||||
enabled: false
|
||||
interval: 30s
|
||||
scrapeTimeout: 10s
|
||||
# -- PrometheusRule configuration
|
||||
prometheusRule:
|
||||
enabled: false
|
||||
rules: []
|
||||
|
||||
# ==============================================================================
|
||||
# Secret Management
|
||||
# ==============================================================================
|
||||
# -- Use external secrets manager (set true to use external secrets)
|
||||
externalSecrets:
|
||||
enabled: false
|
||||
# -- External secrets store (vault, aws, gcp, azure)
|
||||
store: vault
|
||||
# -- Refresh interval
|
||||
refreshInterval: 1h
|
||||
|
||||
# ==============================================================================
|
||||
# Environment-specific overrides
|
||||
# ==============================================================================
|
||||
# Development overrides
|
||||
development:
|
||||
gateway:
|
||||
replicaCount: 1
|
||||
resources:
|
||||
requests:
|
||||
cpu: 500m
|
||||
memory: 1Gi
|
||||
litellm:
|
||||
replicaCount: 1
|
||||
postgresql:
|
||||
persistence:
|
||||
size: 10Gi
|
||||
|
||||
# Production overrides
|
||||
production:
|
||||
gateway:
|
||||
replicaCount: 3
|
||||
autoscaling:
|
||||
enabled: true
|
||||
minReplicas: 3
|
||||
maxReplicas: 10
|
||||
litellm:
|
||||
replicaCount: 2
|
||||
postgresql:
|
||||
persistence:
|
||||
size: 100Gi
|
||||
redis:
|
||||
persistence:
|
||||
size: 20Gi
|
||||
+534
-2
@@ -330,6 +330,162 @@ openclaw plugins status consciousness
|
||||
|
||||
---
|
||||
|
||||
## SwarmClaw Multi-Provider Integration
|
||||
|
||||
The SwarmClaw integration plugin provides multi-provider LLM access with automatic failover, ensuring continuous operation even when individual providers experience outages.
|
||||
|
||||
### Provider Failover Chain
|
||||
|
||||
```
|
||||
OpenAI (Primary) → Anthropic (Secondary) → Google (Tertiary) → Ollama (Local Fallback)
|
||||
```
|
||||
|
||||
### Installation
|
||||
|
||||
```bash
|
||||
# Navigate to plugin directory
|
||||
cd plugins/swarmclaw-integration
|
||||
|
||||
# Install dependencies
|
||||
npm install
|
||||
|
||||
# Initialize plugin (optional - auto-initializes on first use)
|
||||
node -e "import('./src/index.js').then(m => m.createPlugin())"
|
||||
```
|
||||
|
||||
### Configuration
|
||||
|
||||
```bash
|
||||
# Copy environment template
|
||||
cp .env.example .env
|
||||
|
||||
# Edit with your API keys
|
||||
nano .env
|
||||
```
|
||||
|
||||
#### Required Environment Variables
|
||||
|
||||
```bash
|
||||
# Provider failover order (comma-separated)
|
||||
SWARMCLAW_FAILOVER_ORDER=openai,anthropic,google,ollama
|
||||
|
||||
# OpenAI Configuration
|
||||
OPENAI_API_KEY=sk-your-openai-api-key-here
|
||||
OPENAI_BASE_URL=https://api.openai.com/v1
|
||||
OPENAI_MODELS=gpt-4o,gpt-4-turbo,gpt-3.5-turbo
|
||||
|
||||
# Anthropic Configuration
|
||||
ANTHROPIC_API_KEY=sk-ant-your-anthropic-api-key-here
|
||||
ANTHROPIC_BASE_URL=https://api.anthropic.com
|
||||
ANTHROPIC_MODELS=claude-sonnet-4-20250514,claude-3-5-sonnet-20241022
|
||||
|
||||
# Google Configuration
|
||||
GOOGLE_API_KEY=your-google-api-key-here
|
||||
GOOGLE_BASE_URL=https://generativelanguage.googleapis.com/v1beta
|
||||
GOOGLE_MODELS=gemini-2.0-flash,gemini-1.5-pro
|
||||
|
||||
# Ollama Configuration (Local)
|
||||
OLLAMA_BASE_URL=http://localhost:11434
|
||||
OLLAMA_MODELS=llama3.1,qwen2.5,mistral
|
||||
|
||||
# Health Check Configuration
|
||||
HEALTH_CHECK_INTERVAL=30000
|
||||
REQUEST_TIMEOUT=30000
|
||||
FAILURE_THRESHOLD=3
|
||||
SUCCESS_THRESHOLD=2
|
||||
```
|
||||
|
||||
### Usage in Agents
|
||||
|
||||
```javascript
|
||||
import { createPlugin } from '@heretek-ai/swarmclaw-integration-plugin';
|
||||
|
||||
// Initialize plugin
|
||||
const swarmclaw = await createPlugin();
|
||||
|
||||
// Send chat with automatic failover
|
||||
const response = await swarmclaw.chat([
|
||||
{ role: 'user', content: 'Hello!' }
|
||||
], {
|
||||
temperature: 0.7,
|
||||
maxTokens: 1024
|
||||
});
|
||||
|
||||
console.log(`Response from ${response.provider}: ${response.content}`);
|
||||
```
|
||||
|
||||
### Health Monitoring
|
||||
|
||||
```bash
|
||||
# Check plugin status
|
||||
node -e "import('./src/index.js').then(m => m.createPlugin().then(p => console.log(p.getStatus())))"
|
||||
|
||||
# Run health check
|
||||
npm run healthcheck
|
||||
```
|
||||
|
||||
### Event Monitoring
|
||||
|
||||
```javascript
|
||||
const plugin = await createPlugin();
|
||||
|
||||
// Listen for failover events
|
||||
plugin.on('failoverTriggered', (event) => {
|
||||
console.warn(`Failover: ${event.fromProvider} → ${event.nextProvider}`);
|
||||
});
|
||||
|
||||
// Listen for provider recovery
|
||||
plugin.on('providerRecovered', (event) => {
|
||||
console.log(`Provider ${event.provider} recovered`);
|
||||
});
|
||||
|
||||
// Listen for all providers failing
|
||||
plugin.on('allProvidersFailed', (event) => {
|
||||
console.error(`All providers failed: ${event.attemptedProviders}`);
|
||||
});
|
||||
```
|
||||
|
||||
### Integration with LiteLLM
|
||||
|
||||
The SwarmClaw plugin can work alongside LiteLLM for additional routing flexibility:
|
||||
|
||||
```yaml
|
||||
# litellm_config.yaml
|
||||
model_list:
|
||||
- model_name: "responsible-llm"
|
||||
litellm_params:
|
||||
model: "openai/gpt-4o"
|
||||
fallbacks:
|
||||
- anthropic/claude-sonnet-4-20250514
|
||||
- gemini/gemini-2.0-flash
|
||||
- ollama/llama3.1
|
||||
```
|
||||
|
||||
### Troubleshooting
|
||||
|
||||
**All providers failing:**
|
||||
1. Verify API keys are correct
|
||||
2. Check network connectivity
|
||||
3. Review provider status pages
|
||||
4. Check rate limits
|
||||
|
||||
**High latency:**
|
||||
1. Monitor provider health status
|
||||
2. Consider adjusting failover order
|
||||
3. Review timeout settings
|
||||
|
||||
**Provider marked unhealthy:**
|
||||
```javascript
|
||||
// Manually mark provider as healthy
|
||||
plugin.markProviderHealthy('openai');
|
||||
|
||||
// Check provider health status
|
||||
const health = plugin.getProviderHealth('openai');
|
||||
console.log(health);
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Configuration Validation
|
||||
|
||||
### Validate openclaw.json
|
||||
@@ -531,6 +687,133 @@ This section covers external projects and services that integrate with Heretek O
|
||||
| **[OpenClaw Dashboard](../EXTERNAL_PROJECTS.md#openclaw-dashboard)** | Third-party | localhost/Tailscale | Username+Password+TOTP | Full-featured monitoring |
|
||||
| **[ClawBridge](../EXTERNAL_PROJECTS.md#clawbridge)** | Official | Mobile/VPN/Tunnel | Access Key | Mobile-first, remote access |
|
||||
|
||||
---
|
||||
|
||||
## ClawBridge Dashboard Integration
|
||||
|
||||
ClawBridge is a mobile-first dashboard with zero-config remote access via Cloudflare Tunnel. See [`plugins/clawbridge-dashboard/README.md`](../plugins/clawbridge-dashboard/README.md) for full documentation.
|
||||
|
||||
### Installation
|
||||
|
||||
```bash
|
||||
# Quick install (one-liner)
|
||||
curl -sL https://clawbridge.app/install.sh | bash
|
||||
|
||||
# Manual installation
|
||||
git clone https://github.com/dreamwing/clawbridge.git /opt/clawbridge
|
||||
cd /opt/clawbridge
|
||||
npm install
|
||||
cp .env.example .env
|
||||
```
|
||||
|
||||
### Configuration
|
||||
|
||||
1. **Generate access key:**
|
||||
```bash
|
||||
openssl rand -hex 32
|
||||
```
|
||||
|
||||
2. **Configure ClawBridge** (`/opt/clawbridge/.env`):
|
||||
```bash
|
||||
CLAWBRIDGE_PORT=3000
|
||||
CLAWBRIDGE_HOST=0.0.0.0
|
||||
OPENCLAW_GATEWAY_URL=http://localhost:18789
|
||||
CLAWBRIDGE_ACCESS_KEY=<your-generated-key>
|
||||
CLOUDFLARE_TUNNEL_ENABLED=true
|
||||
```
|
||||
|
||||
3. **Configure Gateway** (`openclaw.json`):
|
||||
```json
|
||||
{
|
||||
"dashboard": {
|
||||
"clawbridge": {
|
||||
"enabled": true,
|
||||
"port": 3000,
|
||||
"accessKey": "<same-access-key>",
|
||||
"allowedOrigins": ["*"],
|
||||
"cloudflareTunnel": {
|
||||
"enabled": true
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
### Cloudflare Tunnel Setup
|
||||
|
||||
For remote access without opening firewall ports:
|
||||
|
||||
```bash
|
||||
# Install cloudflared
|
||||
curl -L --output cloudflared.deb https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
|
||||
sudo dpkg -i cloudflared.deb
|
||||
|
||||
# Create tunnel
|
||||
cloudflared tunnel create clawbridge-openclaw
|
||||
|
||||
# Configure tunnel (~/.cloudflared/config.yml)
|
||||
cat > ~/.cloudflared/config.yml << EOF
|
||||
tunnel: clawbridge-openclaw
|
||||
credentials-file: /root/.cloudflared/tunnel-credentials.json
|
||||
|
||||
ingress:
|
||||
- hostname: openclaw-dashboard.trycloudflare.com
|
||||
service: http://localhost:3000
|
||||
- service: http_status:404
|
||||
EOF
|
||||
|
||||
# Run tunnel
|
||||
cloudflared tunnel run clawbridge-openclaw
|
||||
```
|
||||
|
||||
### Persistent Tunnel Service
|
||||
|
||||
```bash
|
||||
# Create systemd service
|
||||
sudo cat > /etc/systemd/system/cloudflared-clawbridge.service << EOF
|
||||
[Unit]
|
||||
Description=Cloudflare Tunnel for ClawBridge Dashboard
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=root
|
||||
ExecStart=/usr/local/bin/cloudflared tunnel run clawbridge-openclaw
|
||||
Restart=always
|
||||
RestartSec=10
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOF
|
||||
|
||||
# Enable and start
|
||||
sudo systemctl daemon-reload
|
||||
sudo systemctl enable cloudflared-clawbridge
|
||||
sudo systemctl start cloudflared-clawbridge
|
||||
```
|
||||
|
||||
### Access Dashboard
|
||||
|
||||
- **Local:** http://localhost:3000
|
||||
- **Remote:** https://openclaw-dashboard.trycloudflare.com
|
||||
|
||||
### Mobile PWA
|
||||
|
||||
1. Open ClawBridge on mobile browser
|
||||
2. Tap "Share" → "Add to Home Screen"
|
||||
3. Launch as standalone app
|
||||
|
||||
### Features
|
||||
|
||||
- **Live Activity Feed** - Real-time WebSocket event streaming
|
||||
- **Token Economy Tracking** - Cost per agent/model
|
||||
- **Cost Control Center** - 10 automated diagnostics
|
||||
- **Memory Timeline** - Episodic memory visualization
|
||||
- **Mission Control** - Cron triggers, service restarts
|
||||
- **System Health** - CPU, RAM, disk, temperature
|
||||
|
||||
---
|
||||
|
||||
### Plugin Extensions
|
||||
|
||||
| Plugin | Source | Purpose | Security Level |
|
||||
@@ -545,6 +828,221 @@ This section covers external projects and services that integrate with Heretek O
|
||||
|---------|------|---------|
|
||||
| **[Langfuse](../operations/LANGFUSE_OBSERVABILITY.md)** | Self-hosted | A2A tracing, cost tracking, analytics |
|
||||
|
||||
---
|
||||
|
||||
## Langfuse Observability Deployment
|
||||
|
||||
Langfuse is an open-source LLM observability platform that provides comprehensive tracing, monitoring, and analytics for OpenClaw deployments. See [`docs/operations/LANGFUSE_OBSERVABILITY.md`](../operations/LANGFUSE_OBSERVABILITY.md) for full documentation.
|
||||
|
||||
### Quick Start
|
||||
|
||||
```bash
|
||||
# 1. Copy environment template
|
||||
cp docs/operations/langfuse/.env.example .env.langfuse
|
||||
|
||||
# 2. Generate secure secrets
|
||||
export LANGFUSE_SALT=$(openssl rand -hex 32)
|
||||
export LANGFUSE_NEXTAUTH_SECRET=$(openssl rand -hex 32)
|
||||
export LANGFUSE_POSTGRES_PASSWORD=$(openssl rand -base64 32)
|
||||
|
||||
# 3. Add to .env file
|
||||
echo "LANGFUSE_SALT=$LANGFUSE_SALT" >> .env
|
||||
echo "LANGFUSE_NEXTAUTH_SECRET=$LANGFUSE_NEXTAUTH_SECRET" >> .env
|
||||
echo "LANGFUSE_POSTGRES_PASSWORD=$LANGFUSE_POSTGRES_PASSWORD" >> .env
|
||||
echo "LANGFUSE_ENABLED=true" >> .env
|
||||
|
||||
# 4. Start Langfuse
|
||||
docker compose up -d langfuse langfuse-postgres
|
||||
|
||||
# 5. Verify deployment
|
||||
docker compose ps | grep langfuse
|
||||
```
|
||||
|
||||
### Access Langfuse Dashboard
|
||||
|
||||
1. **Open dashboard:** http://localhost:3000
|
||||
2. **Create admin account:** First user becomes admin
|
||||
3. **Get API keys:** Navigate to Project Settings → API Keys
|
||||
4. **Configure OpenClaw:** Add keys to `.env` and `openclaw.json`
|
||||
|
||||
### Configuration
|
||||
|
||||
#### Environment Variables (`.env`)
|
||||
|
||||
```bash
|
||||
# Langfuse Server
|
||||
LANGFUSE_PORT=3000
|
||||
LANGFUSE_ENABLED=true
|
||||
|
||||
# Security (generate with openssl rand -hex 32)
|
||||
LANGFUSE_SALT=<your-salt>
|
||||
LANGFUSE_NEXTAUTH_SECRET=<your-secret>
|
||||
LANGFUSE_POSTGRES_PASSWORD=<your-db-password>
|
||||
|
||||
# Feature Flags
|
||||
LANGFUSE_TELEMETRY_ENABLED=false
|
||||
LANGFUSE_SIGN_UP_ENABLED=true
|
||||
|
||||
# Connection Settings (for agents)
|
||||
LANGFUSE_HOST=http://heretek-langfuse:3000
|
||||
LANGFUSE_EXTERNAL_HOST=http://localhost:3000
|
||||
|
||||
# API Keys (generated after first login)
|
||||
LANGFUSE_PUBLIC_KEY=pk-lf-xxxxxxxxxxxxxxxx
|
||||
LANGFUSE_SECRET_KEY=sk-lf-xxxxxxxxxxxxxxxx
|
||||
|
||||
# Agent Integration
|
||||
LANGFUSE_RELEASE=2.0.3
|
||||
LANGFUSE_ENVIRONMENT=production
|
||||
```
|
||||
|
||||
#### OpenClaw Configuration (`openclaw.json`)
|
||||
|
||||
```json
|
||||
{
|
||||
"observability": {
|
||||
"langfuse": {
|
||||
"enabled": true,
|
||||
"publicKey": "pk-lf-...",
|
||||
"secretKey": "sk-lf-...",
|
||||
"host": "http://localhost:3000",
|
||||
"release": "2.0.3",
|
||||
"environment": "production"
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
### Agent Integration
|
||||
|
||||
Copy the integration example to your agent code:
|
||||
|
||||
```bash
|
||||
# Copy integration example
|
||||
cp docs/operations/langfuse/agent-integration-example.js \
|
||||
agents/lib/langfuse-integration.js
|
||||
```
|
||||
|
||||
#### Example: Trace A2A Message
|
||||
|
||||
```javascript
|
||||
const { traceA2AMessage } = require('./lib/langfuse-integration');
|
||||
|
||||
// Trace A2A deliberation message
|
||||
await traceA2AMessage({
|
||||
sessionId: 'session-123',
|
||||
agentId: 'steward',
|
||||
recipientAgent: 'alpha',
|
||||
message: {
|
||||
role: 'user',
|
||||
content: 'Initiating triad deliberation...',
|
||||
type: 'deliberation-request'
|
||||
}
|
||||
});
|
||||
```
|
||||
|
||||
#### Example: Track LLM Costs
|
||||
|
||||
```javascript
|
||||
const { trackLLMUsage } = require('./lib/langfuse-integration');
|
||||
|
||||
// Track LLM usage with cost
|
||||
await trackLLMUsage({
|
||||
agentId: 'steward',
|
||||
model: 'minimax/MiniMax-M2.7',
|
||||
usage: {
|
||||
promptTokens: 1500,
|
||||
completionTokens: 500,
|
||||
totalTokens: 2000
|
||||
},
|
||||
response: { content: 'Agent response...' }
|
||||
});
|
||||
```
|
||||
|
||||
### Monitoring Dashboards
|
||||
|
||||
Langfuse provides pre-configured dashboards for:
|
||||
|
||||
- **Agent Overview** - Real-time agent activities and costs
|
||||
- **A2A Communication** - Deliberation flows and consensus tracking
|
||||
- **Cost Tracking** - Breakdown by agent, model, and time
|
||||
- **Session Analytics** - User session tracking
|
||||
|
||||
Import dashboard configurations from [`docs/operations/langfuse/dashboards.json`](../operations/langfuse/dashboards.json).
|
||||
|
||||
### Alerts Configuration
|
||||
|
||||
Configure alerts in Langfuse Dashboard (Settings → Alerts):
|
||||
|
||||
| Alert | Condition | Severity |
|
||||
|-------|-----------|----------|
|
||||
| High Latency | P95 > 5000ms | Warning |
|
||||
| Cost Threshold | Daily > $50 | Critical |
|
||||
| Error Rate | > 5% | Critical |
|
||||
| Consensus Failure | > 3 failures/hour | Warning |
|
||||
|
||||
### Backup Langfuse Data
|
||||
|
||||
```bash
|
||||
# Create backup directory
|
||||
mkdir -p ~/langfuse/backups
|
||||
|
||||
# Backup PostgreSQL
|
||||
docker compose exec -T langfuse-postgres \
|
||||
pg_dump -U langfuse langfuse > \
|
||||
~/langfuse/backups/langfuse-$(date +%Y%m%d-%H%M%S).sql
|
||||
|
||||
# Keep last 7 days
|
||||
find ~/langfuse/backups -name "*.sql" -mtime +7 -delete
|
||||
```
|
||||
|
||||
#### Automated Backups (Cron)
|
||||
|
||||
```bash
|
||||
# Add to crontab
|
||||
(crontab -l 2>/dev/null; echo "0 2 * * * /root/heretek/heretek-openclaw/docs/operations/langfuse/backup.sh") | crontab -
|
||||
```
|
||||
|
||||
### Troubleshooting
|
||||
|
||||
```bash
|
||||
# Check Langfuse status
|
||||
docker compose ps langfuse
|
||||
|
||||
# View Langfuse logs
|
||||
docker compose logs -f langfuse
|
||||
|
||||
# Test Langfuse health
|
||||
curl http://localhost:3000/api/health
|
||||
|
||||
# Check database connection
|
||||
docker compose exec langfuse-postgres \
|
||||
psql -U langfuse -c "SELECT 1;"
|
||||
|
||||
# Restart Langfuse
|
||||
docker compose restart langfuse
|
||||
|
||||
# Reset Langfuse (WARNING: deletes all data)
|
||||
docker compose down langfuse langfuse-postgres
|
||||
docker volume rm heretek-openclaw_langfuse_postgres_data
|
||||
```
|
||||
|
||||
### Production Deployment
|
||||
|
||||
1. **Enable HTTPS** with reverse proxy (nginx/traefik)
|
||||
2. **Restrict access** with firewall rules
|
||||
3. **Use managed PostgreSQL** for production scale
|
||||
4. **Configure SSO** for team access
|
||||
5. **Set up alert webhooks** for Slack/Discord
|
||||
|
||||
### References
|
||||
|
||||
- [`docs/operations/LANGFUSE_OBSERVABILITY.md`](../operations/LANGFUSE_OBSERVABILITY.md) - Full Langfuse documentation
|
||||
- [`docs/operations/langfuse/.env.example`](../operations/langfuse/.env.example) - Environment template
|
||||
- [`docs/operations/langfuse/agent-integration-example.js`](../operations/langfuse/agent-integration-example.js) - Integration examples
|
||||
- [`docs/operations/langfuse/dashboards.json`](../operations/langfuse/dashboards.json) - Dashboard configurations
|
||||
- [Langfuse Official Docs](https://langfuse.com/docs) - Upstream documentation
|
||||
|
||||
### Quick Install Commands
|
||||
|
||||
```bash
|
||||
@@ -552,9 +1050,12 @@ This section covers external projects and services that integrate with Heretek O
|
||||
git clone https://github.com/tugcantopaloglu/openclaw-dashboard.git
|
||||
cd openclaw-dashboard && node server.js
|
||||
|
||||
# ClawBridge (mobile-first dashboard)
|
||||
# ClawBridge (mobile-first dashboard with remote access)
|
||||
curl -sL https://clawbridge.app/install.sh | bash
|
||||
|
||||
# ClawBridge with Cloudflare Tunnel (remote access enabled)
|
||||
curl -sL https://clawbridge.app/install.sh | bash -s -- --tunnel
|
||||
|
||||
# skill-git-official (skill version control)
|
||||
openclaw bundles install clawhub:skill-git-official
|
||||
|
||||
@@ -570,16 +1071,45 @@ curl -fsSL https://swarmclaw.ai/install.sh | bash
|
||||
| Project | Risk Level | Notes |
|
||||
|---------|------------|-------|
|
||||
| OpenClaw Dashboard | ✅ Low | PBKDF2 hashing, TOTP MFA, local-only by default |
|
||||
| ClawBridge | ✅ Low | MIT licensed, Cloudflare tunnel, access key auth |
|
||||
| ClawBridge | ✅ Low | MIT licensed, Cloudflare tunnel, access key auth, no open ports |
|
||||
| skill-git-official | ⚠️ Medium | Contains prompt-injection patterns, broad filesystem access |
|
||||
| episodic-claw | ⚠️ Medium | Downloads native Go binary, external API calls |
|
||||
| SwarmClaw | ✅ Low | MIT licensed, 17 provider support |
|
||||
|
||||
### Access Key Setup (ClawBridge)
|
||||
|
||||
1. **Generate access key:**
|
||||
```bash
|
||||
openssl rand -hex 32
|
||||
```
|
||||
|
||||
2. **Add to ClawBridge `.env`:**
|
||||
```bash
|
||||
CLAWBRIDGE_ACCESS_KEY=<generated-key>
|
||||
```
|
||||
|
||||
3. **Add to Gateway `openclaw.json`:**
|
||||
```json
|
||||
{
|
||||
"dashboard": {
|
||||
"clawbridge": {
|
||||
"accessKey": "<same-key>"
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
4. **Verify authentication:**
|
||||
```bash
|
||||
curl -H "Authorization: Bearer <your-key>" http://localhost:3000/api/agents
|
||||
```
|
||||
|
||||
**Recommendations:**
|
||||
- Review [`EXTERNAL_PROJECTS.md`](../EXTERNAL_PROJECTS.md) for detailed security information
|
||||
- Test external plugins in sandbox environment before production use
|
||||
- Verify all external binaries before execution
|
||||
- Keep secrets out of skill files before version control operations
|
||||
- Rotate ClawBridge access keys periodically
|
||||
|
||||
---
|
||||
|
||||
@@ -589,6 +1119,8 @@ curl -fsSL https://swarmclaw.ai/install.sh | bash
|
||||
- [`CONFIGURATION.md`](CONFIGURATION.md) - Configuration reference
|
||||
- [`OPERATIONS.md`](OPERATIONS.md) - Operations runbooks
|
||||
- [`architecture/GATEWAY_ARCHITECTURE.md`](architecture/GATEWAY_ARCHITECTURE.md) - Gateway details
|
||||
- [`plugins/clawbridge-dashboard/README.md`](plugins/clawbridge-dashboard/README.md) - ClawBridge integration guide
|
||||
- [`EXTERNAL_PROJECTS_GAP_ANALYSIS.md`](EXTERNAL_PROJECTS_GAP_ANALYSIS.md#clawbridge) - ClawBridge gap analysis
|
||||
|
||||
---
|
||||
|
||||
|
||||
Reference in New Issue
Block a user