OpenClaw 一键安装最佳实践

通过 Jenkins 自动部署到 K8S 集群

📋 目录

前置准备
环境要求
资源准备
Jenkins 流水线配置
K8S 部署配置
一键安装脚本
验证与测试
故障排查

🚨 前置准备

1. 环境检查清单

K8S 集群可用（v1.20+）
Jenkins 已安装（v2.553+）
GitLab 已配置
Docker 镜像仓库可用
kubectl 已安装并配置
Helm v3（可选）

2. 权限准备

K8S ServiceAccount（部署权限）
Jenkins K8S 凭证
GitLab API Token
Docker Registry 凭证

💻 环境要求

硬件要求

组件	CPU	内存	存储
K8S 集群	4 核 +	8GB+	50GB+
Jenkins	2 核 +	4GB+	20GB+
OpenClaw	2 核 +	4GB+	10GB+

软件要求

软件	版本	说明
Kubernetes	v1.20+	K8S 集群
Jenkins	v2.553+	CI/CD 平台
Docker	v20.10+	容器引擎
kubectl	v1.20+	K8S 命令行工具
Helm	v3.0+	K8S 包管理（可选）
Git	v2.30+	版本控制

📦 资源准备

1. GitLab 仓库

OpenClaw/
├── openclaw-core/           # 核心代码
├── openclaw-gateway/        # 网关服务
├── openclaw-agent/          # Agent 服务
├── openclaw-ui/             # 前端界面
├── k8s-manifests/           # K8S 部署配置
└── jenkins/                 # Jenkins 流水线
    └── Jenkinsfile

2. Docker 镜像

镜像仓库：hb.test/openclaw
镜像列表:
  - openclaw-core:latest
  - openclaw-gateway:latest
  - openclaw-agent:latest
  - openclaw-ui:latest

3. K8S 资源配置

# openclaw-namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: openclaw
  labels:
    name: openclaw

---
# openclaw-core-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: openclaw-core
  namespace: openclaw
spec:
  replicas: 2
  selector:
    matchLabels:
      app: openclaw-core
  template:
    metadata:
      labels:
        app: openclaw-core
    spec:
      containers:
      - name: openclaw-core
        image: hb.test/openclaw/openclaw-core:latest
        ports:
        - containerPort: 8080
        resources:
          requests:
            memory: "512Mi"
            cpu: "250m"
          limits:
            memory: "1Gi"
            cpu: "500m"
        env:
        - name: DB_HOST
          value: "mysql.openclaw.svc.cluster.local"
        - name: DB_PORT
          value: "3306"
        - name: DB_NAME
          value: "openclaw"
        - name: DB_USER
          valueFrom:
            secretKeyRef:
              name: openclaw-db-secret
              key: username
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: openclaw-db-secret
              key: password

---
# openclaw-core-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: openclaw-core
  namespace: openclaw
spec:
  selector:
    app: openclaw-core
  ports:
  - port: 80
    targetPort: 8080
  type: ClusterIP

---
# openclaw-gateway-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: openclaw-gateway
  namespace: openclaw
spec:
  replicas: 2
  selector:
    matchLabels:
      app: openclaw-gateway
  template:
    metadata:
      labels:
        app: openclaw-gateway
    spec:
      containers:
      - name: openclaw-gateway
        image: hb.test/openclaw/openclaw-gateway:latest
        ports:
        - containerPort: 3000
        resources:
          requests:
            memory: "256Mi"
            cpu: "100m"
          limits:
            memory: "512Mi"
            cpu: "200m"

---
# openclaw-gateway-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: openclaw-gateway
  namespace: openclaw
spec:
  selector:
    app: openclaw-gateway
  ports:
  - port: 80
    targetPort: 3000
  type: NodePort
  externalTrafficPolicy: Local
  nodePort: 32080

---
# openclaw-agent-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: openclaw-agent
  namespace: openclaw
spec:
  replicas: 3
  selector:
    matchLabels:
      app: openclaw-agent
  template:
    metadata:
      labels:
        app: openclaw-agent
    spec:
      containers:
      - name: openclaw-agent
        image: hb.test/openclaw/openclaw-agent:latest
        ports:
        - containerPort: 5000
        resources:
          requests:
            memory: "1Gi"
            cpu: "500m"
          limits:
            memory: "2Gi"
            cpu: "1000m"
        env:
        - name: CORE_URL
          value: "http://openclaw-core.openclaw.svc.cluster.local"

---
# openclaw-agent-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: openclaw-agent
  namespace: openclaw
spec:
  selector:
    app: openclaw-agent
  ports:
  - port: 5000
    targetPort: 5000
  type: ClusterIP

4. 数据库配置

# mysql-deployment.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mysql-pvc
  namespace: openclaw
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi

---
# mysql-deployment.yaml (续)
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql
  namespace: openclaw
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
      - name: mysql
        image: mysql:8.0
        ports:
        - containerPort: 3306
        env:
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: openclaw-db-secret
              key: root-password
        - name: MYSQL_DATABASE
          value: "openclaw"
        - name: MYSQL_USER
          valueFrom:
            secretKeyRef:
              name: openclaw-db-secret
              key: username
        - name: MYSQL_PASSWORD
          valueFrom:
            secretKeyRef:
              name: openclaw-db-secret
              key: password
        volumeMounts:
        - name: mysql-storage
          mountPath: /var/lib/mysql
      volumes:
      - name: mysql-storage
        persistentVolumeClaim:
          claimName: mysql-pvc

---
# mysql-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: mysql
  namespace: openclaw
spec:
  selector:
    app: mysql
  ports:
  - port: 3306
    targetPort: 3306
  type: ClusterIP

5. K8S Secrets

# 创建数据库凭证
kubectl create secret generic openclaw-db-secret \
  --from-literal=root-password='Root@123456' \
  --from-literal=username='openclaw_user' \
  --from-literal=password='User@123456' \
  -n openclaw

🔧 Jenkins 流水线配置

Jenkinsfile

pipeline {
    agent any
    
    environment {
        KUBECONFIG = credentials('k8s-kubeconfig')
        DOCKER_REGISTRY = 'hb.test'
        DOCKER_IMAGE_PREFIX = 'openclaw'
        K8S_NAMESPACE = 'openclaw'
    }
    
    parameters {
        string(name: 'VERSION', defaultValue: 'latest', description: '部署版本')
        booleanParam(name: 'FORCE_REBUILD', defaultValue: false, description: '强制重新构建镜像')
    }
    
    stages {
        stage('Checkout') {
            steps {
                echo '📦 拉取代码...'
                git branch: 'main', 
                    url: 'http://192.168.100.191:9910/tech-platfom/openclaw.git',
                    credentialsId: 'gitlab-credentials'
            }
        }
        
        stage('Build & Push Images') {
            when {
                expression { return params.FORCE_REBUILD }
            }
            parallel {
                stage('Build Core') {
                    steps {
                        echo '🔨 构建 Core 镜像...'
                        dir('openclaw-core') {
                            sh """
                                docker build -t ${DOCKER_REGISTRY}/${DOCKER_IMAGE_PREFIX}/openclaw-core:${VERSION} .
                                docker push ${DOCKER_REGISTRY}/${DOCKER_IMAGE_PREFIX}/openclaw-core:${VERSION}
                            """
                        }
                    }
                }
                
                stage('Build Gateway') {
                    steps {
                        echo '🔨 构建 Gateway 镜像...'
                        dir('openclaw-gateway') {
                            sh """
                                docker build -t ${DOCKER_REGISTRY}/${DOCKER_IMAGE_PREFIX}/openclaw-gateway:${VERSION} .
                                docker push ${DOCKER_REGISTRY}/${DOCKER_IMAGE_PREFIX}/openclaw-gateway:${VERSION}
                            """
                        }
                    }
                }
                
                stage('Build Agent') {
                    steps {
                        echo '🔨 构建 Agent 镜像...'
                        dir('openclaw-agent') {
                            sh """
                                docker build -t ${DOCKER_REGISTRY}/${DOCKER_IMAGE_PREFIX}/openclaw-agent:${VERSION} .
                                docker push ${DOCKER_REGISTRY}/${DOCKER_IMAGE_PREFIX}/openclaw-agent:${VERSION}
                            """
                        }
                    }
                }
                
                stage('Build UI') {
                    steps {
                        echo '🔨 构建 UI 镜像...'
                        dir('openclaw-ui') {
                            sh """
                                docker build -t ${DOCKER_REGISTRY}/${DOCKER_IMAGE_PREFIX}/openclaw-ui:${VERSION} .
                                docker push ${DOCKER_REGISTRY}/${DOCKER_IMAGE_PREFIX}/openclaw-ui:${VERSION}
                            """
                        }
                    }
                }
            }
        }
        
        stage('Deploy to K8S') {
            steps {
                echo '🚀 部署到 K8S 集群...'
                
                script {
                    // 创建命名空间
                    sh """
                        kubectl apply -f k8s-manifests/openclaw-namespace.yaml
                    """
                    
                    // 创建 Secrets
                    sh """
                        kubectl create secret generic openclaw-db-secret \\
                          --from-literal=root-password='Root@123456' \\
                          --from-literal=username='openclaw_user' \\
                          --from-literal=password='User@123456' \\
                          -n ${K8S_NAMESPACE} \\
                          --dry-run=client -o yaml | kubectl apply -f -
                    """
                    
                    // 部署所有资源
                    sh """
                        kubectl apply -f k8s-manifests/ -n ${K8S_NAMESPACE}
                    """
                    
                    // 更新镜像版本
                    sh """
                        kubectl set image deployment/openclaw-core \\
                          openclaw-core=${DOCKER_REGISTRY}/${DOCKER_IMAGE_PREFIX}/openclaw-core:${VERSION} \\
                          -n ${K8S_NAMESPACE}
                        
                        kubectl set image deployment/openclaw-gateway \\
                          openclaw-gateway=${DOCKER_REGISTRY}/${DOCKER_IMAGE_PREFIX}/openclaw-gateway:${VERSION} \\
                          -n ${K8S_NAMESPACE}
                        
                        kubectl set image deployment/openclaw-agent \\
                          openclaw-agent=${DOCKER_REGISTRY}/${DOCKER_IMAGE_PREFIX}/openclaw-agent:${VERSION} \\
                          -n ${K8S_NAMESPACE}
                        
                        kubectl set image deployment/openclaw-ui \\
                          openclaw-ui=${DOCKER_REGISTRY}/${DOCKER_IMAGE_PREFIX}/openclaw-ui:${VERSION} \\
                          -n ${K8S_NAMESPACE}
                    """
                }
            }
        }
        
        stage('Health Check') {
            steps {
                echo '⏳ 等待部署完成...'
                script {
                    timeout(time: 5, unit: 'MINUTES') {
                        sh """
                            kubectl rollout status deployment/openclaw-core -n ${K8S_NAMESPACE}
                            kubectl rollout status deployment/openclaw-gateway -n ${K8S_NAMESPACE}
                            kubectl rollout status deployment/openclaw-agent -n ${K8S_NAMESPACE}
                            kubectl rollout status deployment/openclaw-ui -n ${K8S_NAMESPACE}
                        """
                    }
                }
                
                echo '✅ 健康检查...'
                script {
                    timeout(time: 2, unit: 'MINUTES') {
                        waitForURL(
                            url: 'http://openclaw-gateway.openclaw.svc.cluster.local/health',
                            timeout: 120000
                        )
                    }
                }
            }
        }
    }
    
    post {
        success {
            echo '✅ 部署成功！'
            
            // 获取访问地址
            sh """
                NODE_PORT=\$(kubectl get svc openclaw-gateway -n ${K8S_NAMESPACE} -o jsonpath='{.spec.ports[0].nodePort}')
                NODE_IP=\$(kubectl get nodes -o jsonpath='{.items[0].status.addresses[0].address}')
                echo "===================================="
                echo "✅ OpenClaw 部署成功！"
                echo "===================================="
                echo "访问地址：http://\\${NODE_IP}:\\${NODE_PORT}"
                echo "===================================="
            """
        }
        
        failure {
            echo '❌ 部署失败！'
            
            // 收集错误日志
            sh """
                echo "=== Core Logs ==="
                kubectl logs -l app=openclaw-core -n ${K8S_NAMESPACE} --tail=50
                
                echo "=== Gateway Logs ==="
                kubectl logs -l app=openclaw-gateway -n ${K8S_NAMESPACE} --tail=50
                
                echo "=== Agent Logs ==="
                kubectl logs -l app=openclaw-agent -n ${K8S_NAMESPACE} --tail=50
            """
        }
    }
}

📝 一键安装脚本

install-openclaw.sh

#!/bin/bash
set -e

echo "======================================"
echo "  OpenClaw 一键安装脚本"
echo "======================================"

# 配置变量
K8S_NAMESPACE="openclaw"
DOCKER_REGISTRY="hb.test"
DOCKER_IMAGE_PREFIX="openclaw"
VERSION="latest"

# 颜色定义
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color

# 检查前置条件
check_prerequisites() {
    echo -e "${YELLOW}📋 检查前置条件...${NC}"
    
    # 检查 kubectl
    if ! command -v kubectl &> /dev/null; then
        echo -e "${RED}❌ kubectl 未安装${NC}"
        exit 1
    fi
    
    # 检查 K8S 连接
    if ! kubectl cluster-info &> /dev/null; then
        echo -e "${RED}❌ 无法连接到 K8S 集群${NC}"
        exit 1
    fi
    
    # 检查 Docker
    if ! command -v docker &> /dev/null; then
        echo -e "${RED}❌ Docker 未安装${NC}"
        exit 1
    fi
    
    echo -e "${GREEN}✅ 前置检查通过${NC}"
}

# 创建命名空间
create_namespace() {
    echo -e "${YELLOW}📦 创建命名空间...${NC}"
    kubectl create namespace ${K8S_NAMESPACE} --dry-run=client -o yaml | kubectl apply -f -
    echo -e "${GREEN}✅ 命名空间创建完成${NC}"
}

# 创建 Secrets
create_secrets() {
    echo -e "${YELLOW}🔐 创建 Secrets...${NC}"
    kubectl create secret generic openclaw-db-secret \\
      --from-literal=root-password='Root@123456' \\
      --from-literal=username='openclaw_user' \\
      --from-literal=password='User@123456' \\
      -n ${K8S_NAMESPACE} \\
      --dry-run=client -o yaml | kubectl apply -f -
    echo -e "${GREEN}✅ Secrets 创建完成${NC}"
}

# 部署 K8S 资源
deploy_k8s() {
    echo -e "${YELLOW}🚀 部署 K8S 资源...${NC}"
    
    # 应用所有清单
    kubectl apply -f k8s-manifests/ -n ${K8S_NAMESPACE}
    
    echo -e "${GREEN}✅ K8S 资源部署完成${NC}"
}

# 等待部署完成
wait_deployment() {
    echo -e "${YELLOW}⏳ 等待部署完成...${NC}"
    
    kubectl rollout status deployment/openclaw-core -n ${K8S_NAMESPACE}
    kubectl rollout status deployment/openclaw-gateway -n ${K8S_NAMESPACE}
    kubectl rollout status deployment/openclaw-agent -n ${K8S_NAMESPACE}
    kubectl rollout status deployment/openclaw-ui -n ${K8S_NAMESPACE}
    
    echo -e "${GREEN}✅ 所有部署完成${NC}"
}

# 健康检查
health_check() {
    echo -e "${YELLOW}⏳ 执行健康检查...${NC}"
    
    # 等待服务就绪
    sleep 10
    
    # 检查 Pod 状态
    kubectl get pods -n ${K8S_NAMESPACE}
    
    # 检查服务状态
    kubectl get svc -n ${K8S_NAMESPACE}
    
    echo -e "${GREEN}✅ 健康检查通过${NC}"
}

# 获取访问信息
get_access_info() {
    echo -e "${YELLOW}📊 获取访问信息...${NC}"
    
    NODE_PORT=$(kubectl get svc openclaw-gateway -n ${K8S_NAMESPACE} -o jsonpath='{.spec.ports[0].nodePort}')
    NODE_IP=$(kubectl get nodes -o jsonpath='{.items[0].status.addresses[0].address}')
    
    echo ""
    echo -e "${GREEN}======================================"
    echo "  ✅ OpenClaw 部署成功！"
    echo "======================================${NC}"
    echo "访问地址：http://${NODE_IP}:${NODE_PORT}"
    echo "命名空间：${K8S_NAMESPACE}"
    echo "======================================"
    echo ""
}

# 主流程
main() {
    check_prerequisites
    create_namespace
    create_secrets
    deploy_k8s
    wait_deployment
    health_check
    get_access_info
    
    echo -e "${GREEN}🎉 安装完成！${NC}"
}

# 执行
main "$@"

✅ 验证与测试

1. 检查 Pod 状态

1	kubectl get pods -n openclaw

预期输出：

NAME                              READY   STATUS    RESTARTS   AGE
openclaw-core-xxxxx-xxxxx         1/1     Running   0          5m
openclaw-gateway-xxxxx-xxxxx      1/1     Running   0          5m
openclaw-agent-xxxxx-xxxxx        1/1     Running   0          5m
openclaw-ui-xxxxx-xxxxx           1/1     Running   0          5m
mysql-xxxxx-xxxxx                 1/1     Running   0          5m

2. 检查服务状态

1	kubectl get svc -n openclaw

预期输出：

NAME               TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
openclaw-core      ClusterIP   10.x.x.x        <none>        80/TCP         5m
openclaw-gateway   NodePort    10.x.x.x        <none>        80:32080/TCP   5m
openclaw-agent     ClusterIP   10.x.x.x        <none>        5000/TCP       5m
mysql              ClusterIP   10.x.x.x        <none>        3306/TCP       5m

3. 测试访问

# 获取 NodePort
NODE_PORT=$(kubectl get svc openclaw-gateway -n openclaw -o jsonpath='{.spec.ports[0].nodePort}')
NODE_IP=$(kubectl get nodes -o jsonpath='{.items[0].status.addresses[0].address}')

# 测试访问
curl http://${NODE_IP}:${NODE_PORT}/health

预期输出：

1	{"status":"ok","message":"OpenClaw Gateway is running"}

4. 查看日志

# 查看 Core 日志
kubectl logs -l app=openclaw-core -n openclaw --tail=50

# 查看 Gateway 日志
kubectl logs -l app=openclaw-gateway -n openclaw --tail=50

# 查看 Agent 日志
kubectl logs -l app=openclaw-agent -n openclaw --tail=50

🔧 故障排查

问题 1：Pod 无法启动

症状：

1
2
3

kubectl get pods -n openclaw
NAME                              READY   STATUS             RESTARTS   AGE
openclaw-core-xxxxx-xxxxx         0/1     ImagePullBackOff   0          5m

解决方案：

# 检查镜像是否存在
kubectl describe pod openclaw-core-xxxxx-xxxxx -n openclaw

# 检查镜像拉取凭证
kubectl get secrets -n openclaw

# 手动拉取镜像
docker pull hb.test/openclaw/openclaw-core:latest

问题 2：数据库连接失败

症状：

1	Error: connect ECONNREFUSED 10.x.x.x:3306

解决方案：

# 检查 MySQL Pod
kubectl get pods -l app=mysql -n openclaw

# 检查 MySQL 日志
kubectl logs -l app=mysql -n openclaw

# 检查 Secrets
kubectl get secret openclaw-db-secret -n openclaw -o yaml

# 测试数据库连接
kubectl run -it --rm mysql-client --image=mysql:8.0 --restart=Never -n openclaw -- \\
  mysql -h mysql -u openclaw_user -p

问题 3：服务无法访问

症状：

1	curl: (7) Failed to connect to <IP> port <PORT>: Connection refused

解决方案：

# 检查 Service 配置
kubectl get svc openclaw-gateway -n openclaw -o yaml

# 检查 Endpoint
kubectl get endpoints openclaw-gateway -n openclaw

# 检查 Pod 标签是否匹配
kubectl get pods --show-labels -n openclaw

# 测试集群内访问
kubectl run -it --rm test --image=curlimages/curl --restart=Never -n openclaw -- \\
  curl http://openclaw-gateway/health

问题 4：Jenkins 构建失败

症状：

1	ERROR: Failed to pull image

解决方案：

# 检查 Jenkins Docker 凭证
# Jenkins 管理 → 凭证 → 添加 Docker Registry 凭证

# 检查 Docker 仓库访问
docker login hb.test

# 检查 Jenkins K8S 配置
# Jenkins 管理 → 系统 → Kubernetes cloud

📖 参考链接

一键安装，自动部署，快速上线！🚀

所有配置已脱敏，实际部署时请替换为真实配置！✅