Grip your cluster

GitOps-driven Kubernetes platform for deploying OpenClaw

The Workload

What is OpenClaw?

OpenClaw is a personal AI assistant that actually does things. It runs locally on your hardware, connects to 14+ messaging platforms, and extends through a growing Skills ecosystem.

14+ Platforms

WhatsApp, Telegram, Discord, Slack, Signal, iMessage, Teams, and more.

AI Skills

ClawHub ecosystem with 50+ integrations. Browser automation, voice, Canvas.

Privacy-First

Self-hosted, local-first. Your data stays on your infrastructure; the only thing that leaves it is whatever you send to an external LLM provider you choose to configure.

Gateway Runtime

Node.js gateway on port 18789. WebSocket-based, single-instance, PVC-backed.

Pincer Ops gives OpenClaw a production-grade Kubernetes home.
GitOps deployment, encrypted secrets in Git, cert-manager TLS automation, automated backups, and Kubernetes-native hardening (NetworkPolicy, seccomp, dropped capabilities). Kernel-level Landlock + seccomp-BPF sandboxing via OpenShell is under evaluation. One command to deploy it all.

Under Evaluation

What is NemoClaw?

NemoClaw is NVIDIA's open-source reference stack for running OpenClaw assistants safely. It combines OpenShell's sandbox runtime with NVIDIA Nemotron models. We are evaluating NemoClaw's architecture for future integration into Pincer Ops.

Blueprint System

Versioned Python orchestration layer managing sandbox creation, security policies, and inference configuration.

Network Control

Egress filtering with hot-reloadable rules and operator approval. Blocks unauthorized outbound connections from sandboxed agents.

Multi-Provider Inference

Route inference through NVIDIA NIM, OpenAI, or Anthropic. Privacy router switches providers at runtime without redeployment.

Telegram Bridge

Always-on assistant connected to Telegram with sandboxed execution, monitoring, and conversation history.

We are testing the OpenShell runtime layer that NemoClaw builds upon. A future Pincer Ops milestone may integrate NemoClaw's sandbox isolation, blueprint orchestration, and privacy router for enhanced agent security.

Under Evaluation

What is OpenShell?

OpenShell is NVIDIA's safe, private runtime for autonomous AI agents. It provides sandboxed execution environments governed by declarative YAML policies. We are testing OpenShell for future integration into Pincer Ops to add kernel-level isolation for AI agent workloads.

Defense in Depth

Four isolation layers: filesystem (Landlock), network (namespaces), process (seccomp-BPF), and inference routing.

Privacy Router

Strips sandbox credentials, injects backend keys. LLM calls routed through managed endpoints.

Declarative Policies

YAML-based rules. Static policies lock at creation, dynamic policies hot-reload without restart.

Gateway + Supervisor

Gateway manages sandbox lifecycle via gRPC. Supervisor runs as PID 1 enforcing kernel-level isolation.

Pincer Ops currently uses K8s-native security (NetworkPolicy, securityContext, Pod Security Standards) for workload isolation. OpenShell's kernel-level isolation (Landlock, seccomp-BPF, network namespaces) is being evaluated as a future enhancement for defense in depth.

Architecture

Sync wave orchestration

Infrastructure deploys before workloads via ArgoCD sync waves. One kubectl apply reconstructs everything.

Kinder provides waves -5, -4, -2 as built-in addons — ArgoCD skips them automatically.

ArgoCD

-10

Self-managing GitOps controller. App of Apps pattern.

MetalLB

-5 Kinder built-in

L2 LoadBalancer IP allocation for bare-metal.

Envoy Gateway

-4 Kinder built-in

Gateway API ingress. DaemonSet + hostPort routing.

Sealed Secrets

-3

Encrypted secrets in Git. Cluster-side decryption.

cert-manager

-2 Kinder built-in

TLS certificate automation. Self-signed issuer.

Envoy Config

-1

Gateway + HTTPRoute resources. DaemonSet + hostPort.

OpenClaw

+10

AI Gateway. StatefulSet with PVC-backed storage.

Features

Three commands. Full stack.

bootstrap.sh
$ make up

Bootstrap

Single command creates a Kinder or KIND cluster, installs ArgoCD, and deploys the entire stack. Fully idempotent: run it again and nothing changes.

1/4 Creating cluster (1 CP + 2 workers)...
2/4 Installing ArgoCD...
3/4 Infrastructure (Envoy, Sealed Secrets)...
4/4 Deploying OpenClaw StatefulSet...
✓ Cluster ready. All apps Synced.
$ make status

Sync

ArgoCD watches main branch and auto-syncs. Drift is detected and self-healed. All state is declarative.

  • Drift detection
  • Self-heal
  • Sync wave ordering (-10 to +10)
  • ServerSideApply for CRD-heavy apps
$ make logs

Operate

Production-grade operational primitives. NetworkPolicies, daily backups, pre-commit hooks.

117 tests · 0 leaks · 24h backups
The Stack

Why each tool exists

Every component in the cluster serves a specific purpose. Remove one and something breaks.

ArgoCD

Watches the Git repo and auto-syncs to the cluster. App of Apps pattern, one root Application that discovers everything. Self-heals drift automatically.

Without it: Manual kubectl apply for every change. No drift detection. No sync wave ordering.
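The sync-wave ordering, the auto-sync/self-heal/ServerSideApply settings and the App of Apps pattern described above all live in ArgoCD Application manifests. The following is an added illustration, not the Pincer Ops repository's own manifests: a root Application that discovers its children from a directory, and one child (Sealed Secrets at wave -3) showing where the wave annotation, the automated sync policy and the ServerSideApply option go. The repo URL, the paths and the Application names are assumptions; the wave numbers follow the table above.

```yaml
# Added example, not the Pincer Ops repo's manifests. Repo URL, paths and names are assumptions.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: root                          # the one Application applied by hand (or by make up)
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://github.com/<you>/pincer-ops.git
    targetRevision: main              # ArgoCD watches main
    path: apps                        # directory holding the child Application manifests (assumption)
    directory:
      recurse: true
  destination:
    server: https://kubernetes.default.svc
    namespace: argocd
  syncPolicy:
    automated:
      prune: true                     # delete what was removed from Git
      selfHeal: true                  # revert live changes made outside Git
---
# One child Application as it would sit under apps/. The annotation is what orders it:
# ArgoCD syncs lower waves first and waits for them to become healthy before moving on.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: sealed-secrets
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "-3"   # after ArgoCD (-10), before Envoy Config (-1) and OpenClaw (+10)
  finalizers:
    - resources-finalizer.argocd.argoproj.io   # cascade-delete its resources if it is removed from Git
spec:
  project: default
  source:
    repoURL: https://github.com/<you>/pincer-ops.git
    targetRevision: main
    path: infra/sealed-secrets        # assumption
  destination:
    server: https://kubernetes.default.svc
    namespace: kube-system
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
      - ServerSideApply=true          # CRD-heavy apps: sidesteps the last-applied annotation size limit
```

Two checks worth making before trusting the ordering. The wave value must be a quoted string, or the annotation is rejected. And since Argo CD 1.8 the controller no longer assesses the health of Application resources by default, so the root app's waves only wait on each child if the Application health check is restored through resource.customizations in argocd-cm (see the Argo CD "Health" documentation); without it, waves still order the apply but do not gate on readiness.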

MetalLB

Allocates virtual IPs for LoadBalancer Services via L2 ARP announcements. Cloud providers handle this automatically; KIND has no cloud, so MetalLB fills the gap.

Without it: Envoy Gateway's Service stays Pending forever. No ingress IP allocated.

Envoy Gateway

Implements the Gateway API. Runs as a DaemonSet with hostPort on the control-plane node. Routes localhost:80 traffic through an HTTPRoute to OpenClaw.

Without it: OpenClaw runs but is unreachable from your browser. No path from host to pod.

Sealed Secrets

Encrypts Kubernetes Secrets with a public key so they can be committed safely. Only the in-cluster controller has the private key. Daily key backup to ~/.pincer/; that backup decrypts every sealed secret in the repo, so protect it like the secrets themselves.

Without it: Can't store secrets in Git, which violates the "everything in Git" principle.

cert-manager

Automates certificate issuance and renewal. Self-signed ClusterIssuer for future TLS listeners.

Without it: No automated TLS. Future HTTPS listeners require manual certificate management.

OpenClaw

AI assistant gateway. Runs as a StatefulSet with PVC-backed storage and K8s-native security (NetworkPolicy, seccomp, drop ALL capabilities). The application everything else exists to serve.

Without it: There's nothing to deploy. This is the whole point of the platform.
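What "K8s-native security" means concretely for the OpenClaw pod, as an added example rather than the project's own manifests: a namespace that enforces the restricted Pod Security Standard, a single-replica StatefulSet whose securityContext satisfies it (non-root, seccomp RuntimeDefault, all capabilities dropped, no privilege escalation, read-only root filesystem), and a NetworkPolicy that admits only Envoy Gateway on 18789 and lets the pod out only to cluster DNS and public HTTPS. The namespace name, labels, image, UID, storage size, mount paths and Envoy Gateway's namespace are assumptions.

```yaml
# Added example, not the Pincer Ops repo's manifests. Names, image, UID, paths and sizes are assumptions.
apiVersion: v1
kind: Namespace
metadata:
  name: openclaw
  labels:
    # Pod Security Standards: the API server rejects any pod here that fails the "restricted" profile.
    pod-security.kubernetes.io/enforce: restricted
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: openclaw
  namespace: openclaw
spec:
  serviceName: openclaw
  replicas: 1                              # single-instance gateway: one pod, one PVC
  selector:
    matchLabels:
      app: openclaw
  template:
    metadata:
      labels:
        app: openclaw
    spec:
      automountServiceAccountToken: false  # the gateway has no reason to call the K8s API
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        fsGroup: 1000                      # lets the non-root user write the PVC
        seccompProfile:
          type: RuntimeDefault             # container runtime's default syscall filter
      containers:
        - name: gateway
          image: ghcr.io/example/openclaw:1.0.0   # assumption; pin by digest in production
          ports:
            - name: ws
              containerPort: 18789
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
          volumeMounts:
            - name: data
              mountPath: /data             # persistent state (assumed data directory)
            - name: tmp
              mountPath: /tmp              # scratch space behind the read-only root
      volumes:
        - name: tmp
          emptyDir: {}
  volumeClaimTemplates:
    - metadata:
        name: data
      spec:
        accessModes: ["ReadWriteOnce"]
        resources:
          requests:
            storage: 5Gi
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: openclaw
  namespace: openclaw
spec:
  podSelector:
    matchLabels:
      app: openclaw
  policyTypes: [Ingress, Egress]
  ingress:
    # Only Envoy Gateway may reach the WebSocket port; nothing else in the cluster can.
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: envoy-gateway-system
      ports:
        - protocol: TCP
          port: 18789
  egress:
    # Cluster DNS ...
    - to:
        - namespaceSelector: {}
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - { protocol: UDP, port: 53 }
        - { protocol: TCP, port: 53 }
    # ... and HTTPS to the Internet (messaging platforms, LLM providers), but not to
    # private ranges, so a compromised assistant cannot pivot into the cluster or the LAN.
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0
            except: [10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16]
      ports:
        - { protocol: TCP, port: 443 }
```

NetworkPolicy is enforced by the CNI plugin, not by the API server: a cluster whose CNI does not implement it accepts the object and silently ignores it, and older KIND/kindnet releases fall into that category. Verify from a throwaway pod in another namespace that openclaw:18789 is unreachable before relying on the policy. The egress rule also cuts off the Kubernetes API and every RFC 1918 address, which is the point; if OpenClaw has to reach a device on your LAN, add an explicit rule for that address rather than widening the CIDR.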
Request path
localhost:80 → hostPort map → Envoy Gateway → HTTPRoute → OpenClaw :18789
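The request path above expressed in Gateway API resources, as an added example and not the project's own configuration: a GatewayClass for Envoy Gateway, a Gateway with a plain-HTTP listener on port 80 that accepts routes only from the openclaw namespace, and the HTTPRoute that forwards everything to the OpenClaw Service on 18789. The Gateway and GatewayClass names, the envoy-gateway-system namespace and a Service named openclaw are assumptions; the DaemonSet/hostPort wiring is Envoy Gateway-specific (an EnvoyProxy resource) and is not shown.

```yaml
# Added example, not the Pincer Ops repo's manifests. Names and namespaces are assumptions;
# the controllerName is Envoy Gateway's.
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
  name: envoy
spec:
  controllerName: gateway.envoyproxy.io/gatewayclass-controller
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: pincer
  namespace: envoy-gateway-system
spec:
  gatewayClassName: envoy
  listeners:
    - name: http
      protocol: HTTP                  # plain HTTP, matching the page's localhost:80 path
      port: 80
      allowedRoutes:
        namespaces:
          # Only routes from the openclaw namespace may attach to this listener, so a
          # route created elsewhere in the cluster cannot hijack localhost:80.
          from: Selector
          selector:
            matchLabels:
              kubernetes.io/metadata.name: openclaw
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: openclaw
  namespace: openclaw
spec:
  parentRefs:
    - name: pincer
      namespace: envoy-gateway-system
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /
      backendRefs:
        - name: openclaw              # the StatefulSet's Service; same namespace, so no ReferenceGrant needed
          port: 18789
```

OpenClaw's WebSocket traffic is an HTTP/1.1 Upgrade and passes through this route without extra configuration. When the cert-manager issuer gets used, the change is a second listener with protocol HTTPS and a tls.certificateRefs entry naming the issued Secret; the allowedRoutes selector is the part to keep, since it is what stops another namespace from attaching a route to the shared listener.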
Quick Start

Running in minutes

Prerequisites: Docker, kubectl, Kinder, ArgoCD CLI

01
Fork & clone
# Fork on GitHub first, then:
$ git clone https://github.com/<you>/pincer-ops.git
$ cd pincer-ops
$ make setup-repo

▸ Configures ArgoCD to sync from your fork (or skip for a quick try)

02
Bootstrap the cluster
$ make up

▸ Creates Kinder cluster, installs ArgoCD, deploys OpenClaw (~4 min). Use CLUSTER_PROVIDER=kind for KIND.

03
Check status
$ make status

▸ 5 ArgoCD apps: OpenClaw, Envoy Gateway config, Sealed Secrets, and more

04
Access OpenClaw
$ make openclaw-onboard
$ make openclaw-dashboard

▸ Onboard configures your LLM provider keys. Dashboard opens the authenticated UI.

05
Pair the dashboard
$ make openclaw-cli CMD="devices list"
$ make openclaw-cli CMD="devices approve <requestId>"

▸ Approve the pending device, then click Connect again in the dashboard

Cloning without forking? make up still works: bootstrap falls back to local apply when ArgoCD can't reach the remote. In that mode there is no auto-sync and no self-heal, since ArgoCD has no Git source to reconcile against.