OpenClaw is all the hype right now. I played around with it over the weekend and ended up writing a Kubernetes operator for it.
There have been a lot of security concerns around running OpenClaw, and rightfully so. This operator tries to mitigate the ones it can at the infrastructure level: non-root execution, all capabilities dropped, default-deny NetworkPolicy, a validating webhook that blocks root containers. It won't help with what the agent's skills do, but at least the blast radius is contained.
Full disclosure: this was largely vibe-coded with Claude Code. Some highlights of what came out of it:
- Config changes trigger automatic rollouts via SHA-256 content hashing
- Optional Chromium sidecar for browser automation, hardened with its own security context and shared memory tuning
- The whole thing is a single CRD, so going from zero to a secured instance is just a kubectl apply
Apache 2.0 licensed. Happy to hear feedback.
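
The kind of decision a validating webhook that blocks root containers has to make, sketched as an added Go example; it is not taken from the post or from the operator's code. The `SecCtx` and `Container` types and the container names are hypothetical stand-ins for the Kubernetes `securityContext` fields, and the sample pod is constructed.

```go
package main

import "fmt"

// SecCtx is a hypothetical stand-in for the securityContext fields the check reads.
type SecCtx struct {
	RunAsNonRoot *bool
	RunAsUser    *int64
	Drop         []string // capabilities.drop, container level only
}

type Container struct {
	Name string
	Sec  *SecCtx
}

// Violations lists containers that may run as root or keep capabilities; pod holds pod-level defaults.
func Violations(pod *SecCtx, cs []Container) (out []string) {
	for _, c := range cs {
		eff := SecCtx{}
		if pod != nil {
			eff.RunAsNonRoot, eff.RunAsUser = pod.RunAsNonRoot, pod.RunAsUser
		}
		if c.Sec != nil { // container-level values override pod-level ones
			if c.Sec.RunAsNonRoot != nil {
				eff.RunAsNonRoot = c.Sec.RunAsNonRoot
			}
			if c.Sec.RunAsUser != nil {
				eff.RunAsUser = c.Sec.RunAsUser
			}
			eff.Drop = c.Sec.Drop
		}
		nonRoot := eff.RunAsNonRoot != nil && *eff.RunAsNonRoot
		if eff.RunAsUser != nil && *eff.RunAsUser == 0 {
			out = append(out, fmt.Sprintf("%s: runAsUser is 0", c.Name))
		} else if eff.RunAsUser == nil && !nonRoot {
			out = append(out, fmt.Sprintf("%s: image default user may be root", c.Name))
		}
		if len(eff.Drop) != 1 || eff.Drop[0] != "ALL" {
			out = append(out, fmt.Sprintf("%s: capabilities.drop is not [ALL]", c.Name))
		}
	}
	return out
}

func main() { // constructed sample: non-root pod defaults, one sidecar overriding to UID 0
	yes, uid, root := true, int64(1000), int64(0)
	pod := &SecCtx{RunAsNonRoot: &yes, RunAsUser: &uid}
	fmt.Println(Violations(pod, []Container{{"agent", &SecCtx{Drop: []string{"ALL"}}},
		{"browser", &SecCtx{RunAsUser: &root, Drop: []string{"ALL"}}}, {"init", nil}}))
}
```

A pod-level non-root default does not cover a container that sets `runAsUser: 0` itself, and capabilities have no pod-level field at all, so the check has to look at each container's effective settings.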