OpenClaw Tutorial
Enterprise Deployment
Private Deployment
Docker
Kubernetes
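🎬 Opening: When the Boss Says "We're Going to Production"
At 9:01 in the morning, the CTO called me into a meeting room.
"We plan to put OpenClaw into production next month, for all 2,000 people in the company," he said, looking at me. "You own the deployment plan."
The hand holding my coffee shook. Running it locally is one thing; 2,000 people using it at once is another: high availability, monitoring, permissions, auditing, disaster recovery... This isn't a deployment, it's building a small city.
The good news is that there is already a mature approach to enterprise deployment of OpenClaw. Today I'm sharing the full path from development to production.
📖 Core Requirements for Enterprise Deployment
The biggest differences between an enterprise deployment and local development:
- High availability: 99.9% SLA; a single point of failure does not take the service down
- Security and compliance: data stays inside the internal network, audit logs, permission isolation
- Scalability: supports horizontal scaling to keep up with business growth
- Observability: logs, metrics and distributed tracing all in place
- Maintainability: automated deployment, configuration management, version control
🏗️ Architecture Design
📐 Recommended architecture: Kubernetes + private image registry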
┌─────────────────────────────────────────────┐
│           Load Balancer (Ingress)           │
│        (Nginx / HAProxy / cloud LB)         │
└──────────────┬──────────────┬───────────────┘
               │              │
    ┌──────────▼──────┐  ┌────▼──────────┐
    │  OpenClaw Pod   │  │ OpenClaw Pod  │  (multiple replicas)
    │  (3+ replicas)  │  │ (3+ replicas) │
    └──────────┬──────┘  └────┬──────────┘
               │              │
               └──────┬───────┘
                      │
        ┌─────────────▼─────────────┐
        │   Redis (Session/Cache)   │
        │   PostgreSQL (Metadata)   │
        │  S3-Compatible (Storage)  │
        └─────────────┬─────────────┘
                      │
        ┌─────────────▼─────────────┐
        │     Monitoring Stack      │
        │   Prometheus + Grafana    │
        │     ELK / Loki (Logs)     │
        └───────────────────────────┘
🚀 Option 1: Docker Compose (quick start)
Suited to small and mid-sized teams (<100 people) that need to get set up quickly:
# docker-compose.yml
version: '3.8'
services:
  openclaw-gateway:
    image: openclaw/gateway:2026.5-latest
    container_name: openclaw-gateway
    ports:
      - "3000:3000"
    environment:
      - NODE_ENV=production
      - OPENCLAW_LOG_LEVEL=info
      - REDIS_URL=redis://redis:6379
      # user:pass is a placeholder and must match the postgres service below
      - DATABASE_URL=postgresql://user:pass@postgres:5432/openclaw
    volumes:
      - ./data/gateway:/data
      - ./config/gateway:/config
    depends_on:
      - redis
      - postgres
    restart: unless-stopped
  openclaw-agent:
    image: openclaw/agent:2026.5-latest
    deploy:
      replicas: 3
    environment:
      - AGENT_MODE=worker
      - REDIS_URL=redis://redis:6379
    depends_on:
      - redis
    restart: unless-stopped
  redis:
    image: redis:7-alpine
    # Publishes Redis on every host interface, and no password is configured
    ports:
      - "6379:6379"
    volumes:
      - redis_data:/data
    command: redis-server --appendonly yes
    restart: unless-stopped
  postgres:
    image: postgres:16-alpine
    environment:
      # Placeholder credentials; replace them before anyone else can reach the host
      POSTGRES_USER: user
      POSTGRES_PASSWORD: pass
      POSTGRES_DB: openclaw
    volumes:
      - pg_data:/var/lib/postgresql/data
    restart: unless-stopped
volumes:
  redis_data:
  pg_data:
Start it:
docker-compose up -d
docker-compose ps                          # check status
docker-compose logs -f openclaw-gateway    # view logs
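The same compose file with its two weak settings corrected: Redis is no longer published on the host and requires a password, and the database password is no longer written into the file. This is an added example, not OpenClaw's own configuration; the `REDIS_PASSWORD` and `PG_PASSWORD` variable names are assumptions, as is the gateway and agent accepting a password in `REDIS_URL`.

```yaml
# docker-compose.yml, hardened variant (added example). Assumes a .env file beside
# it, kept out of version control, that sets REDIS_PASSWORD and PG_PASSWORD to
# hex strings (no URL-encoding needed); ${VAR:?msg} aborts startup when one is unset.
services:
  openclaw-gateway:
    image: openclaw/gateway:2026.5-latest
    ports:
      - "3000:3000"
    environment:
      - NODE_ENV=production
      - OPENCLAW_LOG_LEVEL=info
      - REDIS_URL=redis://:${REDIS_PASSWORD:?required}@redis:6379
      - DATABASE_URL=postgresql://user:${PG_PASSWORD:?required}@postgres:5432/openclaw
    volumes:
      - ./data/gateway:/data
      - ./config/gateway:/config
    depends_on:
      - redis
      - postgres
    restart: unless-stopped
  openclaw-agent:
    image: openclaw/agent:2026.5-latest
    deploy:
      replicas: 3
    environment:
      - AGENT_MODE=worker
      - REDIS_URL=redis://:${REDIS_PASSWORD}@redis:6379
    depends_on:
      - redis
    restart: unless-stopped
  redis:
    image: redis:7-alpine
    # No "ports:" entry: Redis is reachable only on the compose network
    command: redis-server --appendonly yes --requirepass ${REDIS_PASSWORD}
    volumes:
      - redis_data:/data
    restart: unless-stopped
  postgres:
    image: postgres:16-alpine
    environment:
      POSTGRES_USER: user
      POSTGRES_PASSWORD: ${PG_PASSWORD}
      POSTGRES_DB: openclaw
    volumes:
      - pg_data:/var/lib/postgresql/data
    restart: unless-stopped
volumes:
  redis_data:
  pg_data:
```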
🎯 Option 2: Kubernetes (recommended for production)
Suited to teams of more than 200 people; supports elastic scaling:
# openclaw-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: openclaw-gateway
  namespace: openclaw-prod
spec:
  replicas: 3
  selector:
    matchLabels:
      app: openclaw-gateway
  template:
    metadata:
      labels:
        app: openclaw-gateway
    spec:
      containers:
        - name: gateway
          image: registry.yourcompany.com/openclaw/gateway:2026.5.20
          ports:
            - containerPort: 3000
          env:
            - name: NODE_ENV
              value: "production"
            # Connection string comes from a Secret, not from the manifest
            - name: REDIS_URL
              valueFrom:
                secretKeyRef:
                  name: openclaw-secrets
                  key: redis-url
          resources:
            requests:
              memory: "512Mi"
              cpu: "250m"
            limits:
              memory: "2Gi"
              cpu: "1000m"
          livenessProbe:
            httpGet:
              path: /health
              port: 3000
            initialDelaySeconds: 30
            periodSeconds: 10
          readinessProbe:
            httpGet:
              path: /ready
              port: 3000
            initialDelaySeconds: 10
            periodSeconds: 5
---
apiVersion: v1
kind: Service
metadata:
  name: openclaw-gateway-svc
  namespace: openclaw-prod
spec:
  selector:
    app: openclaw-gateway
  ports:
    - port: 80
      targetPort: 3000
  type: ClusterIP
---
# Horizontal Pod Autoscaler
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: openclaw-gateway-hpa
  # Must be in the same namespace as the Deployment it scales
  namespace: openclaw-prod
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: openclaw-gateway
  minReplicas: 3
  maxReplicas: 20
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70
Deploy:
# The openclaw-prod namespace and the openclaw-secrets Secret must already exist
kubectl apply -f openclaw-deployment.yaml
kubectl get pods -n openclaw-prod
kubectl logs -f deployment/openclaw-gateway -n openclaw-prod
🔐 Permissions and Multi-Tenancy
An enterprise environment must support multi-tenant isolation:
# config/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: openclaw-prod
  name: openclaw-tenant-a
rules:
  - apiGroups: [""]
    resources: ["pods", "services"]
    verbs: ["get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tenant-a-binding
  namespace: openclaw-prod
subjects:
  - kind: User
    name: "team-a@company.com"
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: openclaw-tenant-a
  apiGroup: rbac.authorization.k8s.io
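A Role bound inside the shared `openclaw-prod` namespace lets `team-a@company.com` read every Pod and Service in it, whichever tenant they belong to. The added example below (not OpenClaw's own manifests) scopes the same grant to a namespace per tenant and adds a network boundary; the `openclaw-tenant-a` namespace and the `tenant-a-read` and `tenant-a-ingress` names are hypothetical, and running tenant workloads in separate namespaces is an assumption about the deployment.

```yaml
# tenant-a.yaml (added example; namespace and object names are hypothetical)
apiVersion: v1
kind: Namespace
metadata:
  name: openclaw-tenant-a
---
# Same read-only grant as config/rbac.yaml, scoped to the tenant's own namespace
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: openclaw-tenant-a
  name: tenant-a-read
rules:
  - apiGroups: [""]
    resources: ["pods", "services"]
    verbs: ["get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tenant-a-binding
  namespace: openclaw-tenant-a
subjects:
  - kind: User
    name: "team-a@company.com"
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: tenant-a-read
  apiGroup: rbac.authorization.k8s.io
---
# Pods in this namespace accept traffic only from the same namespace and from
# the shared gateway namespace; all other ingress is dropped.
# Takes effect only with a CNI plugin that enforces NetworkPolicy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: tenant-a-ingress
  namespace: openclaw-tenant-a
spec:
  podSelector: {}
  policyTypes: ["Ingress"]
  ingress:
    - from:
        - podSelector: {}
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: openclaw-prod
```

With only these objects applied, `kubectl auth can-i list pods --as team-a@company.com -n openclaw-tenant-a` answers `yes`, and the same query with `-n openclaw-prod` answers `no`.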
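📊 Monitoring and Alerting
A good monitoring system catches problems early:
# Prometheus metrics example
# The metrics endpoint exposed by OpenClaw
curl http://openclaw-gateway:3000/metrics
# Key metrics
- openclaw_requests_total{status="200"}   # request count
- openclaw_request_duration_seconds       # response time
- openclaw_skill_executions_total         # Skill execution count
- openclaw_active_sessions                # active sessions
# Grafana dashboard configuration
# Import dashboard ID: 1860 (official OpenClaw template)
🎯 Example alert rules:
- Error rate > 5% for 5 minutes → P1 alert
- P99 response time > 2 seconds → P2 alert
- Pod restarts > 10 per hour → P3 alert
- Disk usage > 85% → P2 alert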
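The four thresholds above written as a Prometheus rule file, using the metric names listed earlier. This is an added example, not an OpenClaw-supplied rule set; it assumes that errors are requests with a 5xx `status` label, that `openclaw_request_duration_seconds` is a histogram, and that kube-state-metrics and node_exporter are scraped for the restart and disk rules. The alert names are hypothetical.

```yaml
# openclaw-alerts.yaml (added example; alert names are hypothetical)
groups:
  - name: openclaw
    rules:
      - alert: OpenClawHighErrorRate
        # Assumption: an "error" is any response whose status label is 5xx
        expr: |
          sum(rate(openclaw_requests_total{status=~"5.."}[5m]))
            / sum(rate(openclaw_requests_total[5m])) > 0.05
        for: 5m
        labels:
          severity: P1
        annotations:
          summary: "More than 5% of OpenClaw requests failing for 5 minutes"
      - alert: OpenClawSlowP99
        # Assumption: the duration metric is a histogram with _bucket series
        expr: |
          histogram_quantile(0.99,
            sum by (le) (rate(openclaw_request_duration_seconds_bucket[5m]))) > 2
        labels:
          severity: P2
        annotations:
          summary: "OpenClaw P99 response time above 2 seconds"
      - alert: OpenClawPodRestarts
        # kube-state-metrics counter, limited to the production namespace
        expr: |
          sum by (pod) (increase(
            kube_pod_container_status_restarts_total{namespace="openclaw-prod"}[1h])) > 10
        labels:
          severity: P3
        annotations:
          summary: "Pod {{ $labels.pod }} restarted more than 10 times in an hour"
      - alert: OpenClawDiskUsageHigh
        # node_exporter filesystem metrics, ignoring in-memory and overlay mounts
        expr: |
          (1 - node_filesystem_avail_bytes{fstype!~"tmpfs|overlay"}
             / node_filesystem_size_bytes{fstype!~"tmpfs|overlay"}) * 100 > 85
        labels:
          severity: P2
        annotations:
          summary: "Filesystem {{ $labels.mountpoint }} on {{ $labels.instance }} above 85%"
```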
⚠️ Frequently Asked Questions
Q1: How do I deploy models privately?
# Use local models (vLLM / Ollama)
# config/model.yaml
models:
  - name: "local-llama3"
    provider: "vllm"
    endpoint: "http://vllm-service:8000/v1"
    apiKey: "${VLLM_API_KEY}"
  - name: "backup-model"
    provider: "openai-compatible"
    endpoint: "http://ollama:11434/v1"
    model: "llama3:70b"
Q2: How do I manage a private deployment of Skills?
# Set up a private ClawHub
# docker-compose.private-hub.yml
services:
  clawhub-private:
    image: openclaw/clawhub-server:latest
    environment:
      - STORAGE_TYPE=s3
      - S3_ENDPOINT=http://minio:9000
      - S3_BUCKET=clawhub-skills
    volumes:
      - ./clawhub-data:/data

# Configure OpenClaw to use the private Hub
# config/openclaw.yaml
skills:
  registries:
    - name: "private"
      url: "https://clawhub-private.company.com"
      auth:
        type: "token"
        token: "${PRIVATE_HUB_TOKEN}"
    - name: "public"
      url: "https://clawhub.com"
      enabled: false  # disable the public registry (internal-network environment)
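🎭 Closing Words
There is a kind of deployment called enterprise-grade: it doesn't just get the code running, it gets the code running gracefully.
At 2 minutes 17 seconds, looking at the all-green metrics on the monitoring wall, I suddenly understood: a good deployment plan is the art of letting the operations people sleep at night.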