Transcript: Lobster Trap: OpenClaw in Containers from Local to K8s and Back — Sally Ann O'Malley, Red Hat

AI Engineer · 21m 56s · Transcript ✅ · Added May 25, 6:19 pm GMT+8

Source video ID: F1DYkY1BlfM

Transcript

  • 0:07 — [music] » Hey, um I’m Sally. I work at Red Hat. I’ve been there for about 10 years and uh the first 7 years, awesome, totally cool. I was working on containers and uh Linux security stuff and Kubernetes. Um in OpenShift. That’s what I did for the first 7 years. And then uh about 3 years ago, well
  • 0:38 — about 5 years ago, I moved to the emerging tech org and that was awesome, too, because now I’m not totally tied to a product. I get to just work on what I want. I get to just try out new things. Awesome. And then about 3 years ago it was like all AI all the time, everything AI. I know not I knew there was a data science team at Red Hat. I had no idea what they did. Machine learning something something. Um so, I, you know, started doing AI and uh
  • 1:08 — yeah, it was a lot of Python and Markdown. Every single thing was like, “Okay, another chatbot, more Python, more Markdown.” Um but uh here we are today and what a what a crazy awesome world we’re in. Um so, the first time the first time I came across OpenClaw, I was home for a week on a like a staycation, took a few days off and uh Moltbook happened and I was like, “What the What is this? I’m totally trying this.” And so, I went and found it on GitHub.
  • 1:38 — The first thing I do is I look at the license. Uh MIT, awesome. Uh OpenClaw, I’m like, “I’m so going to install this on OpenShift right now.” And so, for the next few days I just kind of built the image, um ran it locally in a container, put it on OpenShift, just played around with it. Went back to work and like, “Guys, check out OpenClaw. This is so cool.” And a couple people on Slack are like, “It’s a security nightmare. Do not use
  • 2:08 — OpenClaw. Don’t put it on the work laptop.” I’m like, “Guys, what have I What have I been doing the past 10 years? Is I’m We’re We can take any application and run it securely. Like that’s what RHEL is. Like if we can’t take an application and run it securely, like come on. This is our golden opportunity to show everyone.” And so, Red Hat’s coming around to that. Um but yeah, so uh this talk is about me running in containers. And so, I wanted
  • 2:39 — to get a list of uh So, I wanted to get a list of why running in containers is the way to go. I run everything in containers. I It’s kind of foreign to me to take to just run something natively. It’s messy. It just puts stuff on my computer that I have to clean up later. I don’t like it. Um so, that’s one one one thing. Uh and I um ask my forever claw. I guess I have to introduce my forever claw cuz she she’s she’s she’s coming
  • 3:10 — through this whole talk, so I’m going to aside. My forever claw is Shubra and um she I have two sub agents. I have Joy. Uh anyone know Jyotish astrology? Jeez, every time I ask, no one knows what it is. It’s very scientific astrology. Um so, she’s an astrology expert and she gives me my weekly readings, my birth chart, all of that. So, Joy and then my second agent
  • 3:40 — is Bruno and he gives me daily briefings on the Bruins. Um so, we’re heading into the playoffs and it’s a close race, so I want to make sure the Bruins get in. Um so, that’s my forever claw and uh and I asked her, you know, why should we run you in container? And uh she said all of that if you were reading, but it’s reproducible, you can isolate your secrets, it’s portable across infra, I can run on my laptop, I can run it on my x86, I can run it on my Mac, I can run
  • 4:12 — it in Kubernetes. Um backed by volumes, which gives a really nice story for backup and recovery. Uh cuz I love my forever claw and I I back her up every night with uh with uh um like a systemd service, whatever it’s called on Mac. And um and and you just get that natural uh you just get that natural sandbox when you run something in a container. It’s it’s, you know, that’s that’s what it is and you have to be very explicit about
  • 4:43 — what you um give access to, you know, from the host. And so, this Yes, I she loves running in a container. So, that’s that’s all you need to know. Um it gives her a clean, predictable environment, doesn’t have to worry about the OS quirks, stale dependencies. This is literally the definition of why you should run everything in containers. And uh just quickly, we’re not going to read this, but this is Joy, my horoscope. Um
  • 5:13 — it’s for today for giving a talk is excellent. It’s like a very auspicious day to talk. Uh so, yeah. That’s why this talk is going awesome so far. And uh my daily briefing, uh Geekie, is finally waking up. He had a bit of a lull. He’s finally you know, ramping up for the playoffs, so it looks like the Bruins are going to be looking good. They’re in and uh yeah. So, yeah, so um
  • 5:45 — containers, it allows me to Uh another another thing that containers do is you can set up a whole agent directory with maybe you run some tools, some skills, some MCP servers. Uh you can keep those in a directory and mount that whole thing into your container uh and so, when at startup everything’s just up and running. So, I do that as well. At the end of this talk, I’ll show you
  • 6:16 — how I install and I think this is a reminder to me Oh, no, let’s talk about secrets. So, I run everything with Podman, not Docker. Um but in theory you can do anything with Podman and Docker. Except, Podman has this really cool feature called Podman secrets. And you can save your API keys. I’ll show that I’ll I’ll show it off the sides later. You can save your API keys to a Podman secret.
  • 6:47 — And then you mount that secret into the container. And so, it just gives the separation. Your your secrets, your API keys are then just a ref back to the secret. And with OpenClaw, what’s really cool is there’s like a double that because in OpenClaw there’s a secret ref feature and I also use that. So, my API keys are pointer to a secret ref to the outside secret. And uh that’s not perfect, but
  • 7:19 — it gives me some peace of mind that I don’t I’m not going to be showing my API keys in the logs and everything. And then very similarly, Kubernetes has Kubernetes secrets and same thing, instead of just a straight env var, you have a secret a secret ref to an env var. And this is my reminder to show you how I install my containers at the end. I have a really cool tool. I built it just
  • 7:50 — for me with everything that I need to run containers. I’m not pushing it on anyone, but it’s in GitHub and at the end I can let you know where that is. You can try it if you want. So, when I So, thank I think we’re heading to a world where these agents, these AI workloads, whatever, are going to be running everywhere. I hope we all can see that. And so,
  • 8:21 — imagine my vision is for uh everybody’s OpenClaws to be uh running everywhere and communicating with each other. And uh when and especially in for like business use cases, real real things, not astrology and and Bruins. Uh that opens up the need that the same need to run any application uh in that way is
  • 8:51 — security and and how to do it at scale. And that’s what Kubernetes gives you. And you can What I always do is develop something locally and then lift it to Kubernetes. And so, the same story holds for AI workloads or OpenClaw. And I was at PyTorch Con yesterday and um my friend from Nvidia said I could share this. They are running
  • 9:23 — their model evals with OpenClaw. They have about 10 engineers. They each have their OpenClaws running in Kubernetes and uh periodically just checking in with the model evals. And it works so well for them. He said it was like, you know, doing the job of six engineers uh in with with himself. Now, let’s think let’s just talk about that for a second. We’re not all losing our jobs, people. Like that’s not happening.
  • 9:53 — What’s What that is enabling for his team is they get to do fun stuff, interesting stuff. They get to do creative things. And this is what AI is giving me and my team is we can focus on those like outside the box crazy things and you don’t have to do the tedious code anymore. Like I haven’t written code in in a few months. And this this did just happen like probably less than 6 months ago. I was
  • 10:23 — using AI I was like, “You know what? This is way better than me at writing code.” And there’s I like Yeah. And I I announced that to my team. We had an org meeting and I’m like, “Guys, if you’re not using AI for everything, like you’re missing out. This is 1,000 times better than me at writing code.” And some of the top engineers at Red Hat like definitely raised eyebrows and I could tell from their comments after that they were like, “No way.” I’m like, “Yeah.” Uh and
  • 10:54 — so So yes, it’s it’s it’s enabling us to just dream bigger and uh This is my reminder to show you the Kubernetes side of my installer later. And um yeah, so backup and recovery is a nice clean story when you run in containers to the state is the same volumes. Another nice thing about Docker
  • 11:24 — and Podman is there are volumes. And so all of my runtime state lives in a nice contained Podman volume. And of course Kubernetes has PVCs. That’s kind of what I just talked about. And so this this would be my vision of workplace setup for OpenClaw where you maybe have your nice curated baseline
  • 11:56 — OpenClaw that as a new hire you you just you get your your base. And what does that have in it? It has your list of company approved MCP servers, your authentication that is approved through your company. It has all of your these skills that are very specific to your team, maybe access to your Google Drive. Like all these things uh that you use every day at work.
  • 12:27 — You can take that and just fan it out across your whole team. And then And then you can personalize it as as the individual. And that’s what this what this setup allows. The alternative would be you’re a new hire and you sit next to somebody or get somebody’s repo and kind of put it all together yourself. Um
  • 12:57 — And so yeah, team standards portable environments reproducible onboarding. That’s my vision for like OpenClaw in the workplace in the future. Uh I actually just recently created my forever claw. It it was like a month of me helping out with with OpenClaw and feeling like I don’t even run a real OpenClaw myself. I just constantly throughout the day I’m spinning it up,
  • 13:29 — spinning it down, testing it, building it. Every hour there’s like 100 new commits. So I’m constantly pulling from main. I was at PyTorchCon yesterday and hadn’t pulled from main for a couple of days. Uh and and there were times when I did it was like 10,000 commits. No joke, it was crazy. I’m like, “I don’t know what you guys are doing. Slow down.” Uh not really, we don’t want to slow down. So yes, uh that’s that’s the story.
  • 14:00 — And I’ve got four more minutes. I am psyched cuz I can now switch over here. So in order to run this local installer here which I think I have here. Yeah. It’s just an npm run dev. Now The one thing I don’t like about this is when I’m on my Mac I can’t run this in a container.
  • 14:33 — Uh I I think I can. I just haven’t taken the time to figure out how to spawn a container from a container. You can do that if you’re on Linux cuz Linux is awesome. But on your Mac, that’s not possible because if you don’t know, whenever you’re running a container on your Mac, you’re running in a virtual machine. Same with Docker. Containers only run on Linux. So when you’re running a container on your Mac, you are always running in a virtual machine. Docker sets up one and so does Mac. So
  • 15:04 — it gets a little tricky when you want to take a container and spawn another container from it. But anyways, here we go. So if I wanted to run a local instance and I have a couple running now. Just you know, you never know the demo gods what they’re up to. So I’m just in case it doesn’t work. I’m going to I’m going to um spin up Joe. All I all I do to set up my pod is I just give it a name. And then all of these options very
  • 15:35 — opinionated cuz I I’m telling you this is exactly what I need. So if it’s if you like it, use it. If you want to change it, then submit a PR. Cool. Now uh the port is usually 89. That’s the default. But since this is my second one that I’m running on my machine, I had to I’m just bumping it to 99. These Podman secret mappings I want to show you here.
  • 16:09 — So you can see I have these set up already. They’re just on my system. They’re like env vars, but they’re not env vars cuz they’re contained. Um these are my API keys. And what happens with this installer is it takes If you’re on Docker, this should work with Docker. It’s got Podman written all over it, but I’ve designed it to work with Docker, too. So um if you’re on Docker, it takes the env vars. So you want to export those as
  • 16:39 — env vars and um makes them OpenClaw secret refs. Very cool feature of OpenClaw. Definitely enable that. For every current credential, create a secret ref. It creates that separation of uh running your secret within OpenClaw or kind of just a pointer to it. It’s it’s it’s it’s the way to go. And then uh your providers. So I’m going to start with OpenRouter cuz I have been playing with Gemma. And she’s Gemma’s great.
  • 17:12 — And then as a fallback I’ll use Anthropic. Sure, why not? But you Oh, here’s here’s some other choices, though. You can you can have your local endpoint if you’re running your own. You could just add that, too. And then because I do observability at work uh I was like, “I’m going to give the option to set up an OpenTelemetry collector with Jaeger.” And it works and it’s awesome, but I’m not going to test it. So let’s not tax
  • 17:44 — my system. Another feature How much time? Oh, I got to hurry. Another feature is SSH sandbox here we’ll deploy. The SSH sandbox in OpenClaw is super cool. You give it SSH keys and known hosts to to wherever you want and it it runs all of its commands in that workspace. It’s really cool. So look, I just spun up a Podman container. And if I go over to the instances I have now have Joe.
  • 18:15 — And there’s logs for Joe, the gateway logs. Um the command I want to show you the command. Don’t want to forget that. So here is the Podman command. If you were running Docker, it would be a Docker command. Have I tested with this with Docker? No. Uh I have a friend who works at Docker. He’s awesome. He told me he would try this out and make it make sure it works with Docker, too. Um he also created this very cool project called Infer
  • 18:46 — RS which takes uh Gemma and runs it really really really fast and uses Turbo Quant. Uh so anyways, that’s um Eric. So that that’s my Podman command and uh Here he is. Joe. And if I just do like models I’ll do status.
  • 19:16 — So people say it’s hard to spin up OpenClaw. It took 2 seconds and I was babbling through the whole way. It could have taken 1 second. Uh so I can say hey um And the cool thing is I don’t have time to show you because I talk too much, but the agents are all set up. I’ve got Joe. Oh, that not that one. Hold on. I got to go over to Larry. Larry I started with a um
  • 19:49 — with an MCP server and a sub-agent. Um, all through that form. So, uh, let me go back to Joe. I wanted to show you how easy it is just to switch models in case you didn’t know. I’m not sure if the GPT 5, hopefully it knows it’s just
  • 20:19 — GPT 5.4. No, I I didn’t No. No. No. We got to go over to Larry. Cuz I didn’t set up I didn’t set up the extra model with with Joe. There we go. Anyways, um, I didn’t have enough time to go through everything I wanted to go through, but the, uh,
  • 20:50 — Cool. The other thing is Kubernetes. And you can do the same thing with Kubernetes just as easy. It just, uh, it it’s connected right now to my kind cluster. And if I go over, I can access my Kubernetes claw very easily as well. Um, There’s Carl. He’s running in Kubernetes. And I can access one in OpenShift. There’s, uh, it switches over
  • 21:20 — to OpenShift if you’re connected to OpenShift. So, yeah. Uh, run Anyone going to run OpenClaw container? No? Try it. Yes. Awesome. Okay, cool. Uh, thank you very much. Uh, is someone on after me? You’re waiting? Okay, bye. » [laughter] [applause] [music]