δΈζ | English
One-click deployment of KWeaver onto a single-node Kubernetes cluster.
This deploy repository is the unified online installer and supports these parallel entrypoints:
kweaver-dip: full-product path; automatically installskweaver-core,isf, Kubernetes, and required data serviceskweaver-core: core-capability path; suitable for Core-only deployment or a smaller first-time evaluationisf: install the ISF base platform onlyinfra: install Kubernetes and dependency services only
From an open-source user perspective, the main goal is usually to get a working environment quickly. For that reason, kweaver-dip install is the default recommendation. Use kweaver-core install when you only want the Core capability set.
| Item | kweaver-core minimum |
kweaver-dip minimum |
Recommended |
|---|---|---|---|
| OS | CentOS 8+, OpenEuler 23+ | CentOS 8+, OpenEuler 23+ | CentOS 8+ |
| CPU | 16 cores | 24 cores | 32 cores |
| Memory | 48 GB | 48 GB | 64 GB |
| Disk | 200 GB | 200 GB | 500 GB |
The deployment scripts need access to these domains:
| Domain | Purpose |
|---|---|
mirrors.aliyun.com |
RPM package mirrors |
mirrors.tuna.tsinghua.edu.cn |
containerd.io RPM mirror |
registry.aliyuncs.com |
Kubernetes component images |
swr.cn-east-3.myhuaweicloud.com |
KWeaver application image registry |
repo.huaweicloud.com |
Helm binary download |
kweaver-ai.github.io |
KWeaver Helm chart repository |
Run install commands as root.
# 1. Disable firewall
systemctl stop firewalld && systemctl disable firewalld
# 2. Disable swap
swapoff -a && sed -i '/ swap / s/^/#/' /etc/fstab
# 3. Set SELinux to permissive if needed
setenforce 0
# 4. Install containerd.io
dnf install containerd.io| Path | Best for | Automatically installs |
|---|---|---|
kweaver-dip install |
Fastest way to try the full product | kweaver-core, isf, K8s, MariaDB, Redis, Kafka, ZooKeeper, OpenSearch, ingress-nginx |
kweaver-core install --minimum |
Smallest first-time evaluation, without auth and business-domain | K8s, data services, ingress-nginx |
kweaver-core install |
Core-only deployment with the full Core module set | isf, K8s, data services, ingress-nginx |
isf install |
Preparing the base platform first | K8s, data services, ingress-nginx |
# 1. Clone the unified deploy repository
git clone https://github.com/kweaver-ai/deploy.git
cd deploy
# 2. (Recommended) Pre-install host check / fix
sudo bash ./preflight.sh --fix -y
# 3. (Optional) Customize ingress ports (default 80/443)
export INGRESS_NGINX_HTTP_PORT=8080
export INGRESS_NGINX_HTTPS_PORT=8443
# 4. Install KWeaver DIP
bash ./deploy.sh kweaver-dip install
# 5. Install the OpenClaw DIP plugin
openclaw plugins install ./openclaw-extensions/dipThe installer prompts for the access address and auto-detects the API server address. You can also provide them explicitly:
bash ./deploy.sh kweaver-dip install \
--access_address=<your-ip-or-domain> \
--api_server_address=<your-ip>After deployment, authorize OpenClaw to link with DIP Studio:
# 1. Find the pending device request
openclaw devices list
# 2. Approve it
openclaw devices approve <Request>After authorization, you can access:
https://<node-ip>/dip-hub: DIP Hub
Default username: admin
Initial password: eisoo.com
# 1. Clone the unified deploy repository
git clone https://github.com/kweaver-ai/deploy.git
cd deploy
# 2. (Recommended) Pre-install host check / fix
sudo bash ./preflight.sh --fix -y
# 3. Install KWeaver Core
# Minimum installation: recommended for first-time evaluation
bash ./deploy.sh kweaver-core install --minimum
# Full installation: includes auth and business-domain
bash ./deploy.sh kweaver-core install
# 4. (Recommended) Post-install bootstrap
bash ./onboard.sh # interactive
bash ./onboard.sh -y # non-interactive
bash ./onboard.sh --help # show all flagsTo skip interactive address prompts:
bash ./deploy.sh kweaver-core install \
--access_address=<your-ip-or-domain> \
--api_server_address=<your-ip>Full preflight / onboard flow, ISF dual-CLI auth and Mermaid diagrams: see help/en/install.md β Post-install:
onboard.sh.
This repository exposes multiple product-level entrypoints. kweaver-dip and kweaver-core are both first-class install commands.
- Install or repair single-node Kubernetes, local-path storage, and ingress-nginx.
- Install or repair data services: MariaDB, Redis, Kafka, ZooKeeper, and OpenSearch.
- Check whether
isfandkweaver-coreare already present, and install them if they are missing. - Deploy the KWeaver DIP application charts.
- Install or repair single-node Kubernetes, local-path storage, and ingress-nginx.
- Install or repair data services: MariaDB, Redis, Kafka, ZooKeeper, and OpenSearch.
- Deploy
isfas needed based on the install mode; minimum mode skips auth and business-domain. - Deploy the KWeaver Core application charts.
Notes:
kweaver-dipis the best fit when you want the full experience with the fewest manual steps.kweaver-coreis a better fit for Core-only use, smaller validation, or staged installation before DIP.isfcan be installed independently if you want the platform base first.- The auto-installed dependency set currently does not include MongoDB. If your environment requires MongoDB, configure it manually as an external dependency in the config file.
# Fastest full-product installation
./deploy.sh kweaver-dip install
# Install a specific DIP version
./deploy.sh kweaver-dip install --version 0.5.0
# Core-only installation (minimum mode recommended for first evaluation)
./deploy.sh kweaver-core install --minimum
# Full Core installation
./deploy.sh kweaver-core install
# Show status
./deploy.sh kweaver-dip status
./deploy.sh kweaver-core status
./deploy.sh isf status
# Uninstall application layers
./deploy.sh kweaver-dip uninstall
./deploy.sh kweaver-core uninstall# Install ISF only
./deploy.sh isf install
# Install infrastructure and data services only
./deploy.sh infra install
# Download local chart cache
./deploy.sh kweaver-dip download
./deploy.sh kweaver-core download
./deploy.sh isf download
# Cluster and pod status
kubectl get nodes
kubectl get pods -ADefault runtime config path:
~/.kweaver-ai/config.yaml
On the first install, if the config file does not exist, the script can generate it automatically and populate accessAddress. You can also generate it first and edit it before installation:
./deploy.sh config generateCommon scenarios:
- Change only the external entrypoint: use
--access_address - Re-run after config changes on an existing cluster: use
--force-upgrade - Install from pre-downloaded or offline charts: use
--charts_dir=<path> - Pin an aggregate release manifest: use
--versionor--version_file
# Cluster and pod status
kubectl get nodes
kubectl get pods -A
# Product status
./deploy.sh kweaver-dip status
./deploy.sh kweaver-core status
./deploy.sh isf statusdeploy/
βββ deploy.sh # Main entry script
βββ preflight.sh # Pre-install checks / fixes
βββ onboard.sh # Core post-install bootstrap
βββ conf/ # Bundled config and static manifests
βββ openclaw-extensions/ # OpenClaw plugins for DIP
βββ release-manifests/ # Versioned release bill of materials
βββ scripts/
β βββ lib/ # Common helper functions
β βββ services/ # Product and dependency install scripts
β βββ sql/ # Versioned SQL initialization scripts
βββ .tmp/charts/ # Local chart cache generated by download
Different entrypoints remove different layers:
kweaver-dip uninstall: removes only the DIP application layer, notkweaver-core,isf, or infrastructurekweaver-core uninstall: removes only the Core application layerk8s reset: resets the Kubernetes cluster including data services and infrastructure
# 1. Remove the DIP application layer
./deploy.sh kweaver-dip uninstall
# 2. Remove Core / ISF if no longer needed
./deploy.sh kweaver-core uninstall
./deploy.sh isf uninstall
# 3. Reset infrastructure last
./deploy.sh k8s reset# Check whether firewall is disabled
systemctl status firewalld
# Restart CoreDNS
kubectl -n kube-system delete pod -l k8s-app=kube-dnsIf pods cannot reach the external network, check whether the host DNS server supports TCP 53. If not, run:
kubectl -n kube-system edit core-dnsAdd prefer_udp under forward . /etc/resolv.conf {, then restart the CoreDNS pods.
# Check network connectivity
curl -I https://swr.cn-east-3.myhuaweicloud.com
# Check containerd config
cat /etc/containerd/config.tomlpreflight.sh --check-only reports one of these in strict mode (default):
[FAIL] Deprecated Kubernetes apt source detected (packages.cloud.google.com) ...
[FAIL] apt has no install candidate for kubeadm β Kubernetes apt source missing or unreachable.
[FAIL] dnf/yum has no install candidate for kubeadm β Kubernetes yum repo missing or unreachable.
Recommended fix (one command):
sudo bash deploy/preflight.sh --fix --fix-allow=k8s-pkgs-repo
# or, to also pre-stage containerd / helm / Node, etc.:
sudo bash deploy/preflight.sh --fix -ypreflight --fix β k8s-pkgs-repo covers both scenarios (legacy alias k8s-apt-source still works in --fix-allow):
- Legacy
packages.cloud.google.comsource present β migrate it topkgs.k8s.io - No K8s source configured at all β write
/etc/apt/sources.list.d/kubernetes.list(or/etc/yum.repos.d/kubernetes.repo) pointing topkgs.k8s.io/core:/stable:/<vX.Y>/deb|rpm/
Pin a specific minor with PREFLIGHT_K8S_APT_MINOR=v1.28 (default: detected from installed kubeadm, falls back to v1.28).
Manual fallback (Ubuntu/Debian):
sudo apt-mark unhold kubeadm kubelet kubectl || true
sudo apt remove -y kubeadm kubelet kubectl
sudo rm -f /etc/apt/sources.list.d/kubernetes.list
sudo rm -f /etc/apt/keyrings/kubernetes-apt-keyring.gpg
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key \
| sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /' \
| sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt update
sudo apt install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectlManual fallback (RHEL/CentOS/openEuler):
sudo tee /etc/yum.repos.d/kubernetes.repo > /dev/null <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.28/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.28/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
EOF
sudo dnf install -y --disableexcludes=kubernetes kubeadm kubelet kubectl # or: yumOn stock Ubuntu (no Docker CE repo) preflight.sh reports:
[FAIL] apt has no install candidate for containerd.io OR containerd.
[FAIL] containerd not found ...
preflight --fix β containerd-install now tries containerd.io first (Docker CE repo) and falls back to the distro containerd package automatically:
sudo bash deploy/preflight.sh --fix --fix-allow=containerd-installIf both fail, the apt/yum source itself is broken. Fix apt-get update / dnf repolist first.
preflight.sh defaults to strict mode (PREFLIGHT_STRICT=true). Items that block install AND are auto-fixable by --fix are reported as [FAIL] (so --check-only exits 1), not [WARN]:
swap,net.ipv4.ip_forward,br_netfilter/overlaymodules,bridge-nf-call-*vm.max_map_count,fs.inotify.*,ulimit -n softcontainerdnot found / socket missing,kubectl,helm,overlayfs- broken
apt-get update,dnf/yum repolistfailures, missing kubeadm/containerd install candidate
To downgrade these back to [WARN] temporarily, for example on a small lab host:
sudo bash deploy/preflight.sh --check-only --lenient
# equivalent to: PREFLIGHT_STRICT=false PREFLIGHT_STRICT_SOURCES=false sudo bash deploy/preflight.shkubectl logs -n <namespace> <pod-name>