CLI Configuration
The kubectl-archive plugin supports configuration through environment variables and CLI flags, following the same pattern as kubectl and other plugins.
Configuration Precedence
Configuration values are resolved in the following order (highest to lowest priority):
-
Plugin CLI Flags - Plugin-specific command line arguments
-
Environment Variables - System environment variables
-
Default Values - Built-in defaults
Global Configuration Parameters
All configuration can be set using environment variables with the prefix KUBECTL_PLUGIN_ARCHIVE_:
| Environment Variable | Description | Default | CLI Flag |
|---|---|---|---|
|
KubeArchive API host:port |
|
|
|
Path to KubeArchive API certificate file |
(none) |
|
|
Skip TLS certificate verification for the KubeArchive API server |
|
|
|
Bearer token for KubeArchive API authentication |
(from kubeconfig) |
(uses kubectl’s |
Authentication
The KubeArchive API only supports bearer token authentication.
If your kubeconfig uses client certificates or other authentication methods,
you must provide a bearer token from a service account in the cluster
with sufficient permissions to perform the requested operations (get, list, logs).
Certificate Handling
The plugin uses separate certificate handling for Kubernetes and KubeArchive APIs:
KubeArchive API Certificate
The KubeArchive API certificate is configured independently from the Kubernetes cluster certificate.
The --kubearchive-certificate-authority, --kubearchive-insecure-skip-tls-verify flags and their
environment variables provides the certificate necessary configuration for the CLI.
Examples
Use a bearer token for a service account
KUBECTL_PLUGIN_ARCHIVE_TOKEN=$(kubectl -n test create token default) kubectl archive get v1 podsUse insecure TLS for KubeArchive API
kubectl archive get v1 pods --kubearchive-insecure-skip-tls-verify