Vouch request: harche

[harche]

What do you want to work on?

I want to add support for running OpenShell on existing Kubernetes clusters instead of only k3s-in-Docker. Specifically, I got NemoClaw working on OpenShift 4.21 using the agent-sandbox CRD (https://github.com/kubernetes-sigs/agent-sandbox) as the sandbox runtime. The agent-sandbox repo already has an openclaw-sandbox example, so the pieces fit together.

The main change would be giving OpenShell the option to target an existing cluster rather than always spinning up k3s inside Docker.. There's no existing issue for this yet, I plan to file one with the full design.

Some outputs from my experiments,

harpatil@harpatil-mac cri-o % oc get sandbox,pods,pvc,svc,route -n nemoclaw-sandbox --kubeconfig=/Users/harpatil/clusters/4.21/4.21.5/cluster1/auth/kubeconfig
NAME                               AGE
sandbox.agents.x-k8s.io/nemoclaw   51s

NAME           READY   STATUS    RESTARTS   AGE
pod/nemoclaw   1/1     Running   0          51s

NAME                                            STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   VOLUMEATTRIBUTESCLASS   AGE
persistentvolumeclaim/workspaces-pvc-nemoclaw   Bound    pvc-100f4ebb-9542-415f-831a-87c21c4cbf99   5Gi        RWO            standard-csi   <unset>                 51s

NAME                       TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)     AGE
service/nemoclaw           ClusterIP   None             <none>        <none>      51s
service/nemoclaw-gateway   ClusterIP   172.30.136.161   <none>        18789/TCP   51s

NAME                                        HOST/PORT                                                                           PATH   SERVICES           PORT    TERMINATION   WILDCARD
route.route.openshift.io/nemoclaw-gateway   nemoclaw-gateway-nemoclaw-sandbox.apps.harpatil4215f.gcp.devcluster.openshift.com          nemoclaw-gateway   18789   edge          None

harpatil@harpatil-mac cri-o % oc logs pod/nemoclaw -n nemoclaw-sandbox -c nemoclaw --kubeconfig=/Users/harpatil/clusters/4.21/4.21.5/cluster1/auth/kubeconfig | grep "agent model" 
2026-03-19T12:38:54.632+00:00 [gateway] agent model: anthropic-vertex/claude-opus-4-6

harpatil@harpatil-mac cri-o % curl -sk https://nemoclaw-gateway-nemoclaw-sandbox.apps.harpatil4215f.gcp.devcluster.openshift.com/ -o /dev/null -w 'HTTP %{http_code}\n'
HTTP 200

harpatil@harpatil-mac cri-o %  oc exec pod/nemoclaw -n nemoclaw-sandbox -c nemoclaw --kubeconfig=/Users/harpatil/clusters/4.21/4.21.5/cluster1/auth/kubeconfig -- bash -c 'HOME=/sandbox
  openclaw agent --agent main --local -m "What OS and platform are you running on? Be specific." --session-id demo'
[plugins] plugins.allow is empty; discovered non-bundled plugins may auto-load: nemoclaw (/sandbox/.openclaw/extensions/nemoclaw/dist/index.js). Set plugins.allow to explicit trusted ids.
[plugins] 
[plugins]   ┌─────────────────────────────────────────────────────┐
[plugins]   │  NemoClaw registered                                │
[plugins]   │                                                     │
[plugins]   │  Endpoint:  build.nvidia.com                        │
[plugins]   │  Provider:  NVIDIA Cloud API                        │
[plugins]   │  Model:     nvidia/nemotron-3-super-120b-a12b       │
[plugins]   │  Commands:  openclaw nemoclaw <command>             │
[plugins]   └─────────────────────────────────────────────────────┘
[plugins] 
[tools] exec failed: PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"
VERSION_ID="12"
VERSION="12 (bookworm)"
VERSION_CODENAME=bookworm
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
---
Linux nemoclaw 5.14.0-570.96.1.el9_6.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Mar 2 20:41:08 EST 2026 x86_64 GNU/Linux
---
processor	: 0
vendor_id	: GenuineIntel
cpu family	: 6
model		: 85
model name	: Intel(R) Xeon(R) CPU @ 2.80GHz
stepping	: 7
microcode	: 0xffffffff
cpu MHz		: 2800.284
cache size	: 33792 KB
physical id	: 0
siblings	: 4
core id		: 0
cpu cores	: 2
apicid		: 0
initial apicid	: 0
fpu		: yes
fpu_exception	: yes
cpuid level	: 13
wp		: yes
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq vmx ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch ssbd ibrs ibpb stibp ibrs_enhanced tpr_shadow flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm avx512f avx512dq rdseed adx smap clflushopt clwb avx512cd avx512bw avx512vl xsaveopt xsavec xgetbv1 xsaves arat vnmi avx512_vnni md_clear arch_capabilities
---
sh: 1: free: not found

Command not found
Based on the runtime info provided in my system context:

- **OS:** Linux (Red Hat Enterprise Linux / CentOS Stream 9 derivative, based on the kernel version)
- **Kernel:** `5.14.0-570.96.1.el9_6.x86_64`
- **Architecture:** x86_64 (64-bit)

Let me grab a bit more detail:
Here's the full picture:

| Detail | Value |
|---|---|
| **Sandbox OS** | Debian GNU/Linux 12 (Bookworm) |
| **Host kernel** | `5.14.0-570.96.1.el9_6.x86_64` (RHEL 9 / EL9-based host) |
| **Architecture** | x86_64 (64-bit) |
| **CPU** | Intel Xeon @ 2.80 GHz (Cascade Lake / Skylake-SP), 2 cores / 4 threads |
| **Cache** | 33 MB L3 |
| **Virtualization** | Running inside a hypervisor (VMX + hypervisor flag — likely a cloud VM / GCE instance) |
| **Node.js** | v22.22.1 |
| **Hostname** | `nemoclaw` |

So: I'm running in a **Debian 12 container/sandbox** on top of a **RHEL 9-based host**, on an **Intel Xeon cloud VM** (likely Google Cloud given the Xeon Cascade Lake profile and `anthropic-vertex` model routing).

Why this change?

I work with OpenShift clusters and wanted to run OpenShell sandboxes on one. The current architecture bundles k3s inside Docker, which doesn't work on OpenShift, SCCs reject hardcoded UIDs, CRI-O replaces Docker, and the bootstrap assumptions don't hold.

I got it working by using the agent-sandbox CRD (kubernetes-sigs/agent-sandbox) as the sandbox runtime instead of k3s. Had to solve a few things along the way, arbitrary UID support, gateway binding, entrypoint permissions etc.

OpenShift is common in enterprise environments. Supporting existing clusters (not just embedded k3s) would make OpenShell useful to more people.

Checklist

• I wrote this request myself (not AI-generated)
• I have read CONTRIBUTING.md