KubeWatch is configured entirely via environment variables. On Docker Compose installs these are set in /opt/kubewatch/.env. On Kubernetes they are managed via Helm values, which are injected as ConfigMap and Secret resources.
Shared / global
| Variable | Default | Description |
|---|---|---|
| JWT_SECRET | (generated) | Shared JWT signing secret. Must be the same across gateway, auth, and any service that validates JWTs. Minimum 32 characters. |
| DATABASE_URL | postgresql://kubewatch:PASSWORD@postgres:5432/kubewatch | PostgreSQL connection string. Used by auth, query, ingestion, clusters, and integrations. |
| REDIS_URL | redis://:PASSWORD@redis:6379/0 | Redis connection string. Used by live-data for pub/sub. |
Gateway
| Variable | Default | Description |
|---|---|---|
| GATEWAY_PORT | 8000 | Port the gateway listens on |
| AUTH_SERVICE_URL | http://auth:8001 | Auth service base URL |
| INGESTION_SERVICE_URL | http://ingestion:8002 | Ingestion service base URL |
| QUERY_SERVICE_URL | http://query:8003 | Query service base URL |
| LIVE_DATA_SERVICE_URL | http://live-data:8009 | Live data service base URL |
| CLUSTERS_SERVICE_URL | http://clusters:8008 | Clusters service base URL |
| CLOUD_SERVICE_URL | http://cloud:8010 | Cloud service base URL |
| INTEGRATIONS_SERVICE_URL | http://integrations:8011 | Integrations service base URL |
Auth service
| Variable | Default | Description |
|---|---|---|
| AUTH_PORT | 8001 | Port the auth service listens on |
| JWT_EXPIRES_IN | 24h | JWT token lifetime |
| BCRYPT_ROUNDS | 12 | Password hashing rounds (higher = slower but more secure) |
| ADMIN_EMAIL | None | Email for the initial admin account (set during install) |
| ADMIN_PASSWORD | (generated) | Initial admin password (set during install) |
Ingestion service
| Variable | Default | Description |
|---|---|---|
| INGESTION_PORT | 8002 | Port the ingestion service listens on |
| METRICS_RETENTION_DAYS | 30 | How many days of metrics to retain in the database |
| BATCH_SIZE | 500 | Number of metric rows to batch-insert per write |
Query service
| Variable | Default | Description |
|---|---|---|
| QUERY_PORT | 8003 | Port the query service listens on |
Live data service
| Variable | Default | Description |
|---|---|---|
| LIVE_DATA_PORT | 8009 | Port the live-data service listens on |
| WS_PING_INTERVAL | 30 | WebSocket ping interval in seconds |
| WS_MAX_CONNECTIONS | 1000 | Maximum concurrent WebSocket connections |
Dashboard (Next.js)
| Variable | Default | Description |
|---|---|---|
| NEXT_PUBLIC_API_URL | http://localhost:8000 | Gateway URL used by the browser |
| NEXT_PUBLIC_WS_URL | ws://localhost:8000 | WebSocket URL used by the browser |
| PORT | 3000 | Port the Next.js server listens on |
Changing configuration
- Edit /opt/kubewatch/.env
- Restart the affected services:

```bash
cd /opt/kubewatch
docker compose up -d --force-recreate gateway auth query  # restart specific services
# or restart everything:
docker compose down && docker compose up -d
```
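
A check to run on the edited .env before restarting, as an added example that is not part of KubeWatch: it applies the 32-character minimum for JWT_SECRET from the table above and verifies that no NEXT_PUBLIC_ value, which the browser receives, contains a secret. As assumptions, it treats a literal PASSWORD in the connection strings as an unreplaced placeholder and flags BCRYPT_ROUNDS below the default; the function names and the sample file are constructed.

```python
from urllib.parse import urlsplit

MIN_JWT_SECRET_LEN = 32     # minimum stated in the Shared / global table
DEFAULT_BCRYPT_ROUNDS = 12  # default stated in the Auth service table

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        env[key.strip()] = value.strip().strip("\"'")
    return env

def check_env(env):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if len(env.get("JWT_SECRET", "")) < MIN_JWT_SECRET_LEN:
        findings.append("JWT_SECRET is shorter than 32 characters")
    for name in ("DATABASE_URL", "REDIS_URL"):
        password = urlsplit(env.get(name, "")).password
        # Assumption: a literal "PASSWORD" is the unreplaced placeholder.
        if not password or password == "PASSWORD":
            findings.append(f"{name} has no password or still has the placeholder")
    rounds = env.get("BCRYPT_ROUNDS", str(DEFAULT_BCRYPT_ROUNDS))
    if not rounds.isdecimal() or not 4 <= int(rounds) <= 31:
        findings.append("BCRYPT_ROUNDS is not a valid bcrypt cost (4-31)")
    elif int(rounds) < DEFAULT_BCRYPT_ROUNDS:  # assumed policy: never below default
        findings.append("BCRYPT_ROUNDS is below the default of 12")
    # NEXT_PUBLIC_* values are sent to the browser, so none may carry a secret.
    secrets = {env.get("JWT_SECRET"), env.get("ADMIN_PASSWORD")} - {None, ""}
    for name, value in env.items():
        if name.startswith("NEXT_PUBLIC_") and any(s in value for s in secrets):
            findings.append(f"{name} contains a secret value")
    return findings

# Constructed sample, not taken from a real install.
SAMPLE = """\
JWT_SECRET=tooshort
DATABASE_URL=postgresql://kubewatch:PASSWORD@postgres:5432/kubewatch
REDIS_URL=redis://:s3cr3t-constructed@redis:6379/0
BCRYPT_ROUNDS=10
NEXT_PUBLIC_API_URL=http://localhost:8000
"""

if __name__ == "__main__":
    for finding in check_env(parse_env(SAMPLE)):
        print("FAIL:", finding)
```

To check a real install, pass the contents of /opt/kubewatch/.env to `parse_env` in place of `SAMPLE`.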