Skip to main content

Documentation Index

Fetch the complete documentation index at: https://radarhq.io/docs/llms.txt

Use this file to discover all available pages before exploring further.

radar (or kubectl radar when installed via Krew) accepts the flags below. Defaults come from ~/.radar/config.json if present - see Configuration files.

General

FlagDefaultDescription
--port9280HTTP port the UI / API serve on.
--no-browserfalseDon’t auto-open the browser.
--namespace""Initial namespace filter (empty = all namespaces).
--version-Print version and exit.
--debug-eventsfalseVerbose event-drop logging.

Cluster connection

FlagDescription
--kubeconfigPath to a kubeconfig file. Falls back to KUBECONFIG env or ~/.kube/config.
--kubeconfig-dirComma-separated directories whose kubeconfigs are merged. Mutually exclusive with --kubeconfig.

Timeline storage

FlagDefaultDescription
--timeline-storagememorymemory or sqlite. SQLite persists across restarts.
--timeline-db~/.radar/timeline.dbPath to the SQLite database when --timeline-storage=sqlite.
--history-limit10000Max events retained in the timeline (memory mode).

Metrics & traffic

FlagDescription
--prometheus-urlManual Prometheus / VictoriaMetrics URL. Skips auto-discovery (handy for out-of-cluster Prometheus).

Feature toggles

FlagEffect
--no-mcpDisable the MCP server (AI tools won’t be able to connect).
--disable-helm-writeRead-only Helm: hide install / upgrade / rollback / uninstall buttons.
--disable-execNo pod terminal / debug shell.
--disable-local-terminalDisable the local-machine terminal pane.
--pod-shell-defaultOverride the default pod exec shell (runs as sh -c <value>; empty falls back to bash -il → ash → sh).

Authentication

See Authentication for the full setup. Common flags:
FlagDescription
--auth-modenone (default), proxy, or oidc.
--auth-secretHMAC secret for session cookies. Auto-generated when empty - set this for multi-replica deployments.
--auth-cookie-ttlSliding session TTL. Default 4h.
Proxy mode (oauth2-proxy / Pomerium / etc.):
FlagDefaultDescription
--auth-user-headerX-Forwarded-UserHeader carrying the username.
--auth-groups-headerX-Forwarded-GroupsHeader carrying the comma-separated groups.
OIDC mode (Google / Okta / Keycloak / etc.):
FlagDescription
--auth-oidc-issuerOIDC issuer URL.
--auth-oidc-client-idClient ID from your IdP.
--auth-oidc-client-secretClient secret.
--auth-oidc-redirect-urlThe /auth/callback URL registered with the IdP.
--auth-oidc-groups-claimJWT claim that carries groups. Default groups.
--auth-oidc-post-logout-redirect-urlURL to redirect to after IdP logout (must be registered with the IdP).
--auth-oidc-username-prefixUsername prefix for K8s impersonation - must match kube-apiserver’s --oidc-username-prefix.
--auth-oidc-groups-prefixGroups prefix for K8s impersonation - must match kube-apiserver’s --oidc-groups-prefix.
--auth-oidc-insecure-skip-verifySkip TLS verification on the IdP (dev / test only).
--auth-oidc-ca-certPath to a custom CA bundle for the IdP.
--auth-oidc-backchannel-logoutEnable the back-channel logout endpoint. Single-replica only.

Radar Cloud

These flags wire an in-cluster Radar to a hosted Radar Cloud. Each is also readable from the matching RADAR_CLOUD_* env var (so secrets stay out of ps).
FlagEnvDescription
--cloud-urlRADAR_CLOUD_URLCloud WS endpoint (e.g. wss://api.radarhq.io/agent). Empty = local-only.
--cloud-tokenRADAR_CLOUD_TOKENCluster token from the Cloud install wizard (rhc_<random>).
--cluster-nameRADAR_CLOUD_CLUSTER_NAMEHuman-readable name (required with --cloud-url).
Setting RADAR_CLOUD_MODE=true additionally forces --auth-mode=proxy and pins X-Forwarded-User / X-Forwarded-Groups so the in-cluster Radar impersonates the Cloud-authenticated user against the K8s API. Don’t set this for local installs.

Internal / development

FlagDescription
--devServe the frontend from disk instead of the embedded bundle.
--fake-in-clusterPretend Radar is running in-cluster (useful for testing the in-cluster UX off-cluster).