CLI Configuration
The kubectl-ka plugin supports configuration through persistent configuration files, environment variables, and CLI flags, following the same pattern as kubectl and other plugins.
Configuration Precedence
Configuration values are resolved in the following order (highest to lowest priority):
-
Plugin CLI Flags - Plugin-specific command line arguments
-
Environment Variables - System environment variables
-
Persistent Configuration - Cluster-specific settings stored in
~/.config/kubectl-ka.conf -
kubectl Configuration - Bearer tokens from kubectl config
-
Default Values - Built-in defaults
Global Configuration Parameters
All configuration can be set using environment variables with the prefix KUBECTL_PLUGIN_KA_:
| Environment Variable | Description | Default | CLI Flag |
|---|---|---|---|
|
KubeArchive API host:port |
|
|
|
Path to KubeArchive API certificate file |
(none) |
|
|
Skip TLS certificate verification for the KubeArchive API server |
|
|
|
Bearer token for KubeArchive API authentication |
(from kubeconfig) |
(uses kubectl’s |
|
Path to the kubectl-ka configuration file |
|
(none) |
Persistent Configuration
The plugin automatically manages cluster-specific configuration in ~/.config/kubectl-ka.conf. This eliminates
the need to specify KubeArchive connection details repeatedly when working with multiple clusters.
Configuration File Location
The default configuration file location can be customized:
# Use custom configuration file location
export KUBECTL_KA_CONFIG_PATH="/path/to/my-config.conf"
kubectl ka get podsAutomatic Setup
When you first run a command, the plugin will:
-
Detect if configuration exists for your current cluster
-
If not found, offer to run interactive setup
-
Attempt to discover KubeArchive services automatically
-
Guide you through authentication setup if needed
|
Automatic service discovery only works with:
For other service exposure methods (LoadBalancer, NodePort, Ingress, etc.), you must configure the KubeArchive host manually using |
Manual Configuration
You can also configure clusters manually using the config command:
# Interactive setup for current cluster
kubectl ka config setup
# Set KubeArchive host for current cluster
kubectl ka config set host https://kubearchive-api.example.com
# Set authentication token
kubectl ka config set token <your-service-account-token>
# Set custom certificate authority
kubectl ka config set ca /path/to/ca.crt
# Enable insecure TLS (defaults to true if no value provided)
kubectl ka config set insecure
kubectl ka config set insecure true # Explicit
# Clear/reset configuration values
kubectl ka config unset ca # Clear certificate authority
kubectl ka config unset insecure # Reset to secure mode
kubectl ka config unset token # Use kubectl's token dynamicallyConfiguration File Format
The configuration file uses YAML format:
clusters:
production-cluster:
cluster_name: production-cluster
server_url: https://api.prod.example.com:6443
host: https://kubearchive-api.prod.example.com
tls_insecure: false
cert_path: /path/to/ca.crt
token: eyJhbGciOiJSUzI1NiIs...
staging-cluster:
cluster_name: staging-cluster
server_url: https://api.staging.example.com:6443
host: https://kubearchive-api.staging.example.com
tls_insecure: trueAuthentication
The KubeArchive API only supports bearer token authentication.
If your kubeconfig uses client certificates or other authentication methods,
you must provide a bearer token from a service account in the cluster
with sufficient permissions to perform the requested operations (get, list, logs).
Certificate Handling
The plugin uses separate certificate handling for Kubernetes and KubeArchive APIs:
KubeArchive API Certificate
The KubeArchive API certificate is configured independently from the Kubernetes cluster certificate.
The --kubearchive-certificate-authority, --kubearchive-insecure-skip-tls-verify flags and their
environment variables provides the certificate necessary configuration for the CLI.