Skip to content
KubeGlass

Configuration

Environment variables

Section titled “Environment variables”

Configuration is loaded via Viper at startup. Environment variables take precedence over config files.

Server

Section titled “Server”
VariableDefaultDescription
KUBEGLASS_PORT8090HTTP listen port
KUBEGLASS_ENVIRONMENTdevelopmentdevelopment or production. Controls logging format, CSP strictness
KUBEGLASS_DATA_DIR~/.kubeglass/dataDirectory for BoltDB, admin settings, snapshots
KUBEGLASS_DRAIN_TIMEOUT25sGraceful shutdown drain budget (keep under K8s terminationGracePeriodSeconds)

Authentication

Section titled “Authentication”
VariableDefaultDescription
KUBEGLASS_AUTH_MODElocalAuthentication mode: local, oidc, or impersonation
KUBEGLASS_SESSION_SECRET-HMAC-SHA256 secret for session cookies. Min 32 bytes, 64 recommended. Required for non-local auth
KUBEGLASS_SESSION_MAX_AGE8hSession cookie TTL
KUBEGLASS_OIDC_ISSUER_URL-OIDC provider URL (required for oidc mode)
KUBEGLASS_OIDC_CLIENT_ID-OIDC client ID
KUBEGLASS_OIDC_CLIENT_SECRET-OIDC client secret
KUBEGLASS_TRUSTED_PROXIES-CIDR list of trusted reverse proxies (for impersonation mode)

TLS

Section titled “TLS”
VariableDefaultDescription
KUBEGLASS_TLS_ENABLEDfalseEnable TLS termination
KUBEGLASS_TLS_CERT_FILE-Path to TLS certificate
KUBEGLASS_TLS_KEY_FILE-Path to TLS private key

Rate limiting

Section titled “Rate limiting”
VariableDefaultDescription
KUBEGLASS_RATE_LIMIT100Requests per second per IP
KUBEGLASS_RATE_BURST200Burst capacity per IP

Pagination

Section titled “Pagination”
VariableDefaultMaxDescription
KUBEGLASS_DEFAULT_PAGE_LIMIT100-Default items per page
KUBEGLASS_MAX_PAGE_LIMIT1000-Maximum items per page

Request limits

Section titled “Request limits”
VariableDefaultDescription
KUBEGLASS_MAX_REQUEST_BODY_SIZE1048576 (1 MiB)Maximum request body size in bytes

Demo mode

Section titled “Demo mode”
VariableDefaultDescription
KUBEGLASS_DEMO_MODEfalseRun in demo mode with sample data

CLI flags

Section titled “CLI flags”
Terminal window
kubeglass [flags]
FlagDescription
--demoStart in demo mode
--portOverride listen port

AdminSettings (runtime-mutable)

Section titled “AdminSettings (runtime-mutable)”

These settings are editable from the UI and persisted to {DataDir}/admin-settings.json.

In local mode (kubeconfig), all settings are editable. In cluster mode, settings are read-only unless KUBEGLASS_UI_CONFIGURABLE explicitly unlocks specific keys.

AdminSettings uses pointer fields to distinguish “not set” (nil) from zero values. When applying, non-nil values overlay the base AppConfig.