Configuration Reference

All environment variables for each KubeWatch service.

KubeWatch is configured entirely via environment variables. On Docker Compose installs these are set in /opt/kubewatch/.env. On Kubernetes they are managed via Helm values, which are injected as ConfigMap and Secret resources.

Shared / global

VariableDefaultDescription
JWT_SECRET(generated)Shared JWT signing secret. Must be the same across gateway, auth, and any service that validates JWTs. Minimum 32 characters.
DATABASE_URLpostgresql://kubewatch:PASSWORD@postgres:5432/kubewatchPostgreSQL connection string. Used by auth, query, ingestion, clusters, and integrations.
REDIS_URLredis://:PASSWORD@redis:6379/0Redis connection string. Used by live-data for pub/sub.

Gateway

VariableDefaultDescription
GATEWAY_PORT8000Port the gateway listens on
AUTH_SERVICE_URLhttp://auth:8001Auth service base URL
INGESTION_SERVICE_URLhttp://ingestion:8002Ingestion service base URL
QUERY_SERVICE_URLhttp://query:8003Query service base URL
LIVE_DATA_SERVICE_URLhttp://live-data:8009Live data service base URL
CLUSTERS_SERVICE_URLhttp://clusters:8008Clusters service base URL
CLOUD_SERVICE_URLhttp://cloud:8010Cloud service base URL
INTEGRATIONS_SERVICE_URLhttp://integrations:8011Integrations service base URL

Auth service

VariableDefaultDescription
AUTH_PORT8001Port the auth service listens on
JWT_EXPIRES_IN24hJWT token lifetime
BCRYPT_ROUNDS12Password hashing rounds (higher = slower but more secure)
ADMIN_EMAILNoneEmail for the initial admin account (set during install)
ADMIN_PASSWORD(generated)Initial admin password (set during install)

Ingestion service

VariableDefaultDescription
INGESTION_PORT8002Port the ingestion service listens on
METRICS_RETENTION_DAYS30How many days of metrics to retain in the database
BATCH_SIZE500Number of metric rows to batch-insert per write

Query service

VariableDefaultDescription
QUERY_PORT8003Port the query service listens on

Live data service

VariableDefaultDescription
LIVE_DATA_PORT8009Port the live-data service listens on
WS_PING_INTERVAL30WebSocket ping interval in seconds
WS_MAX_CONNECTIONS1000Maximum concurrent WebSocket connections

Dashboard (Next.js)

VariableDefaultDescription
NEXT_PUBLIC_API_URLhttp://localhost:8000Gateway URL used by the browser
NEXT_PUBLIC_WS_URLws://localhost:8000WebSocket URL used by the browser
PORT3000Port the Next.js server listens on

Changing configuration

  1. Edit /opt/kubewatch/.env
  2. Restart the affected services:
cd /opt/kubewatch
docker compose up -d --force-recreate gateway auth query  # restart specific services
# or restart everything:
docker compose down && docker compose up -d