Quick Start

Prerequisites

• Kubernetes 1.28+
• Helm 3

1. Install the operator

helm install openclaw-operator \
  oci://ghcr.io/openclaw-rocks/charts/openclaw-operator \
  --namespace openclaw-operator-system \
  --create-namespace

2. Create a namespace and API key Secret

kubectl create namespace openclaw

kubectl create secret generic openclaw-api-keys \
  --namespace openclaw \
  --from-literal=ANTHROPIC_API_KEY=sk-your-key

3. Deploy an instance

kubectl apply -f - <<EOF
apiVersion: openclaw.rocks/v1alpha1
kind: OpenClawInstance
metadata:
  name: my-agent
  namespace: openclaw
spec:
  envFrom:
    - secretRef:
        name: openclaw-api-keys
  storage:
    persistence:
      enabled: true
      size: 10Gi
EOF

4. Verify

# Check instance status
kubectl get openclawinstance -n openclaw

# Check pods
kubectl get pods -n openclaw

The instance should reach Running phase within a minute or two.

What happens next

The operator creates a full stack of managed resources for your instance:

• ServiceAccount, Role, RoleBinding for pod identity (least-privilege RBAC)
• NetworkPolicy for default-deny network isolation
• ConfigMap for OpenClaw configuration
• PersistentVolumeClaim for data storage
• PodDisruptionBudget for disruption protection
• StatefulSet with the OpenClaw container
• Service for in-cluster access
• Gateway token Secret for API authentication

Configuration

You can configure OpenClaw via inline JSON in the CR:

spec:
  config:
    raw:
      mcpServers:
        filesystem:
          command: npx
          args: ["-y", "@modelcontextprotocol/server-filesystem", "/data"]

Or reference an external ConfigMap:

spec:
  config:
    configMapRef:
      name: my-openclaw-config
      key: openclaw.json

Next steps

• Deployment Guide for platform-specific instructions (EKS, GKE, AKS)
• Custom Providers for self-hosted LLMs (Ollama, vLLM)
• API Reference for all available CRD fields