Accessing KubeArchive

This document explains how to access KubeArchive after installing it in your cluster.

This document only covers the basic development scenario, the process may be different for a production cluster.

Port Forward KubeArchive

After installing, KubeArchive creates different services. Use kubectl to forward the port of the KubeArchive API:

kubectl port-forward -n kubearchive svc/kubearchive-api-server 8081:8081

bash

Authentication and Authorization

KubeArchive delegates authentication and authorization to the Kubernetes RBAC service. In order to retrieve resources from KubeArchive, you need to pass an identity when you make a request. The easiest way is to use a service account. Create one and assign it permissions, for example:

kubectl create serviceaccount \
    kubearchive-view --namespace default

kubectl create role kubearchive-view-pods \
    --verb=get,list --resource=pods --namespace default

kubectl create rolebinding kubearchive-view-pods \
    --serviceaccount=default:kubearchive-view \
    --role=kubearchive-view-pods --namespace default

kubectl auth can-i list pods \
    --as=system:serviceaccount:default:kubearchive-view --namespace default

bash

Query KubeArchive

After creating the service account and configuring its access, generate a token and use it to query KubeArchive:

$ export SA_TOKEN=$(kubectl create token kubearchive-view --namespace default)
$ curl --insecure \
    -H "Authorization: Bearer ${SA_TOKEN}" \
    https://localhost:8081/api/v1/namespaces/default/pods

{"apiVersion":"v1","items":null,"kind":"List","metadata":{"continue":"","resourceVersion":""}}

bash

Next steps

Continue reading Configuring KubeArchive to learn how to use KubeArchive to archive and delete resources.