Kubecost on AKS Part 02

 Hi all, continuing from previous post on part 1, this blog post will focus on enabling kubecost with cloud integration . 

First, do the Azure Cost Management export to a Storage Account 

fill in all the required details especially on the storage account . The report in this storage account alter will be access by kubecost to view in on the kubecost dashboard . 

do note this may takes hours to be populated. 

Step 2 -Create A custom role and assigned a SPN with that custom role to your subscription

# Create kubecost custom role

   resource "azurerm_role_definition" "kubecost" {

   name        = "kubecost_rate_card_query"

   scope       = "/subscriptions/${var.sub-id}"

   description = "kubecost Rate Card query role"

 

  permissions {

    actions     = [

     "Microsoft.Compute/virtualMachines/vmSizes/read",

      "Microsoft.Resources/subscriptions/locations/read",

      "Microsoft.Resources/providers/read",

      "Microsoft.ContainerService/containerServices/read",

      "Microsoft.Commerce/RateCard/read",

    ]

    not_actions = []

  }

  assignable_scopes = [

    "/subscriptions/${var.sub-id}"

  ]

}

#Assign Role to SPN at Subcription level

resource "azurerm_role_assignment" "kubecost" {

  scope                = "/subscriptions/${var.sub-id}"

  role_definition_name = azurerm_role_definition.kubecost.name

  principal_id         = var.spn-id

}

you may also use create this using powershell or az cli, link in the reference

Step 3 - For this one it can divided into two the hard way or the gui way . dont worry i will cover both 

Let get to know the easier way first , hard requiredment is it must be running kubecost version 1.96 which was release few day ago as the blog is drafted. 

Once u deploy the kubecost with just setting up with the kubetoken. Access the kubecost dashboard by port forward to port 9090 and go to the setting. 

scroll until u find this option 

Click update and fill the details 

After click on submit, wait for sometimes and the data on cloud integration to be populated. 

So here come the hard way , all the component in easier method will be converted into line of code start with creating a kubernetes secret containing all the details 

resource "kubernetes_secret" "kubecost_sec" {

  metadata {

    name      = "kubecost-sec"

    namespace = kubernetes_namespace.kubecost.metadata[0].name

  }

  data = {

      "cloud-integration.json" = "\r\n{\r\n    \"azure\": [\r\n        {\r\n          \"azureSubscriptionID\": \"${var.sub-id}\",\r\n          \"azureStorageAccount\": \"${var.saname}\",\r\n          \"azureStorageAccessKey\": \"${var.sakey}\",\r\n          \"azureStorageContainer\": \"${var.sacontainer}\",\r\n          \"azureContainerPath\": \"${var.sapath}\",\r\n          \"azureCloud\": \"${var.azcloud}\"\r\n        }\r\n    ]\r\n}"

   

  }

  type = "Opaque"

}

on the helm value , point the cloud integration value to the secret that been created . 

  set {

    name  = "kubecostProductConfigs.cloudIntegrationSecret"

    value = kubernetes_secret.kubecost_sec.metadata[0].name

  }

Both of the method will get you to have kubecost cloud integration with azure 

now it is all concluded, list of the reference as below 

1. Deploy AKS + Kubecost with Terraform - Code it Yourself... (mendible.com)

2. Azure Config – Kubecost

3. poc-common-configurations/cloud-integration.json at main · kubecost/poc-common-configurations (github.com)

4. Kubernetes secret with json · Issue #1801 · hashicorp/terraform-provider-kubernetes (github.com)

5.Cost governance with Kubecost - Cloud Adoption Framework | Microsoft Docs

6. Kubecost team who has provide a good insight in their slack to the community 

enjoy the learning and thanks for reading, the sample code is available on my github