feat: Helm chart for Kubernetes deployment #2
Open
nickmarden wants to merge 6 commits into feat/openclaw-api-backend from
Helm chart deploying Pinchy + OpenClaw + optional PostgreSQL to K8s. Secrets auto-generate on first install and preserve on upgrade. Gateway token shared via K8s Secret; plugins synced via initContainer. Includes CI workflows to build/push container images on tags and PRs, with automatic cleanup of PR images after 15 days.
pull_request events use the workflow from the base branch, so the workflow must exist on main before it can fire. Switch to push-to-branch triggers which use the workflow from the pushed branch itself. Branch builds get tags like feat-helm-chart and feat-helm-chart-abc1234. Cleanup regex updated to match conventional branch prefixes.
Use type=ref for both tags so slashes in branch names like feat/helm-chart are normalized to feat-helm-chart. Also gitignore lab-values.yaml files in Helm charts.
Plugins were mounted at /openclaw-extensions but OpenClaw looks for them at /root/.openclaw/extensions/. This caused config.set to fail with "invalid config" because plugin IDs referenced in the config didn't exist. Also bump Pinchy probe delays for Next.js cold start.
OpenClaw takes ~30s to restart after config.set, plus additional time for WebSocket reconnection and device re-pairing. The 30s default was too tight, especially in Kubernetes where startup is slower. The timeout is now configurable via OPENCLAW_RECONNECT_TIMEOUT_MS.
What does this PR do?
Adds a Helm chart for deploying Pinchy + OpenClaw + optional PostgreSQL to Kubernetes, plus CI workflows to build and publish container images to GHCR.
Depends on #1
Type of change
Changes
- deploy/helm/pinchy/): Deploys Pinchy (Deployment), OpenClaw (StatefulSet), and optional PostgreSQL (StatefulSet) behind a single Ingress with WebSocket annotations
- lookup (Creel pattern)
- openclaw.json with the token, Pinchy reads it from a file mount
- emptyDir, keeping plugins in lockstep with the Pinchy version
- docker-publish.yml: Builds both container images on version tags (semver) and branch pushes (mutable + SHA-pinned tags)
- docker-cleanup.yml: Daily scheduled cleanup of branch-tagged images older than 15 days
- entrypoint.sh: Makes chown /openclaw-config conditional so it works in API mode where the shared volume doesn't exist

Checklist
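The "auto-generate on first install, preserve on upgrade" secret handling that the PR attributes to lookup can be sketched as a Helm template. This is an added example, not the chart's own template from this PR; the file name, Secret name, key name and token length are assumptions.

```yaml
# templates/gateway-secret.yaml (hypothetical file name; added example)
{{- /* Secret name and key "token" are assumptions for this example. */ -}}
{{- $name := printf "%s-gateway-token" .Release.Name -}}
{{- /* lookup queries the live cluster. It returns an empty map when the
       Secret does not exist yet, and also under `helm template` or a
       client-side --dry-run, where no cluster is consulted. */ -}}
{{- $existing := lookup "v1" "Secret" .Release.Namespace $name -}}
{{- /* Fall back to an empty dict so hasKey never receives nil. */ -}}
{{- $data := default dict $existing.data -}}
{{- $token := "" -}}
{{- if hasKey $data "token" -}}
  {{- /* Upgrade: reuse the stored value (already base64 in .data). */ -}}
  {{- $token = index $data "token" -}}
{{- else -}}
  {{- /* First install: generate once, then base64-encode for .data. */ -}}
  {{- $token = randAlphaNum 48 | b64enc -}}
{{- end }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ $name }}
  namespace: {{ .Release.Namespace }}
  annotations:
    # Keep the Secret on `helm uninstall` so a later reinstall finds it
    # through lookup and reuses the same token.
    helm.sh/resource-policy: keep
type: Opaque
data:
  token: {{ $token | quote }}
```

Because lookup returns nothing outside a real install or upgrade, any pipeline that renders the chart with `helm template` produces a fresh token on every render, so check how the chart is applied before relying on the preserve-on-upgrade behaviour. The identity running Helm also needs read access to Secrets in the release namespace for lookup to find the existing value.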