Sunday 14 August 2022

Kubecost on AKS Part 02

Hi all, continuing from the previous post (Part 1), this blog post will focus on enabling Kubecost with cloud integration.


First, create the Azure Cost Management export to a Storage Account.


Fill in all the required details, especially those for the storage account. The report in this storage account will later be accessed by Kubecost and shown on the Kubecost dashboard.

Do note this may take hours to be populated.

Step 2 - Create a custom role and assign it to an SPN at your subscription

# Create kubecost custom role
resource "azurerm_role_definition" "kubecost" {
  name        = "kubecost_rate_card_query"
  scope       = "/subscriptions/${var.sub-id}"
  description = "kubecost Rate Card query role"

  permissions {
    actions = [
      "Microsoft.Compute/virtualMachines/vmSizes/read",
      "Microsoft.Resources/subscriptions/locations/read",
      "Microsoft.Resources/providers/read",
      "Microsoft.ContainerService/containerServices/read",
      "Microsoft.Commerce/RateCard/read",
    ]
    not_actions = []
  }

  assignable_scopes = [
    "/subscriptions/${var.sub-id}"
  ]
}

# Assign role to SPN at subscription level
resource "azurerm_role_assignment" "kubecost" {
  scope                = "/subscriptions/${var.sub-id}"
  role_definition_name = azurerm_role_definition.kubecost.name
  principal_id         = var.spn-id
}

You may also create this using PowerShell or the az CLI; the link is in the references.

Step 3 - This one can be done in two ways: the hard way or the GUI way. Don't worry, I will cover both.

Let's get to know the easier way first. The hard requirement is that you must be running Kubecost version 1.96, which was released a few days ago as this blog is drafted.

Once you deploy Kubecost with just the kubetoken set up, access the Kubecost dashboard by port-forwarding to port 9090 and go to the settings.

Scroll until you find this option.


Click Update and fill in the details.


After clicking Submit, wait some time for the cloud integration data to be populated.

So here comes the hard way: all the components from the easier method are converted into lines of code, starting with creating a Kubernetes secret containing all the details.

resource "kubernetes_secret" "kubecost_sec" {
  metadata {
    name      = "kubecost-sec"
    namespace = kubernetes_namespace.kubecost.metadata[0].name
  }
  data = {
    "cloud-integration.json" = "\r\n{\r\n    \"azure\": [\r\n        {\r\n          \"azureSubscriptionID\": \"${var.sub-id}\",\r\n          \"azureStorageAccount\": \"${var.saname}\",\r\n          \"azureStorageAccessKey\": \"${var.sakey}\",\r\n          \"azureStorageContainer\": \"${var.sacontainer}\",\r\n          \"azureContainerPath\": \"${var.sapath}\",\r\n          \"azureCloud\": \"${var.azcloud}\"\r\n        }\r\n    ]\r\n}"
  }
  type = "Opaque"
}

In the Helm values, point the cloud integration value to the secret that has been created.

  set {
    name  = "kubecostProductConfigs.cloudIntegrationSecret"
    value = kubernetes_secret.kubecost_sec.metadata[0].name
  }
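
The same secret built with jsonencode instead of a hand-escaped string, with the storage access key declared as a sensitive variable. This is an added example, not the author's code; it reuses the post's variable names and the kubernetes_namespace.kubecost resource from Part 1, and the variable declarations are assumed.

```hcl
# Added example: variable declarations are assumed; names follow the post.
variable "sub-id" { type = string }
variable "saname" { type = string }
variable "sacontainer" { type = string }
variable "sapath" { type = string }
variable "azcloud" { type = string }
variable "sakey" {
  type      = string
  sensitive = true # redacted in plan/apply output
}

locals {
  # Describe the document as an HCL object; jsonencode takes care of
  # quoting and escaping, so no manual \" or \r\n sequences are needed.
  kubecost_cloud_integration = {
    azure = [
      {
        azureSubscriptionID   = var.sub-id
        azureStorageAccount   = var.saname
        azureStorageAccessKey = var.sakey
        azureStorageContainer = var.sacontainer
        azureContainerPath    = var.sapath
        azureCloud            = var.azcloud
      }
    ]
  }
}

resource "kubernetes_secret" "kubecost_sec" {
  metadata {
    name      = "kubecost-sec"
    namespace = kubernetes_namespace.kubecost.metadata[0].name
  }
  data = {
    "cloud-integration.json" = jsonencode(local.kubecost_cloud_integration)
  }
  type = "Opaque"
}
```

Marking the variable sensitive only redacts it from plan and apply output; the access key is still written in plain text to the Terraform state, so the state backend needs its own access control and encryption.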

Both methods will get you Kubecost cloud integration with Azure.


That concludes it. The list of references is below.

1. Deploy AKS + Kubecost with Terraform - Code it Yourself... (mendible.com)

2. Azure Config – Kubecost

3. poc-common-configurations/cloud-integration.json at main · kubecost/poc-common-configurations (github.com)

4. Kubernetes secret with json · Issue #1801 · hashicorp/terraform-provider-kubernetes (github.com)

5. Cost governance with Kubecost - Cloud Adoption Framework | Microsoft Docs

6. The Kubecost team, who have provided good insight to the community in their Slack

Enjoy the learning and thanks for reading. The sample code is available on my GitHub.

Sunday 7 August 2022

Kubecost on AKS Part 01

Hi, for this blog post, I will share my journey on enabling Kubecost with cloud integration on my Kubernetes cluster.



Prerequisites

1. Kubernetes cluster; in my case, AKS

2. Azure AD SPN 

3. Storage Account 

4. Tools
 4.1 Helm
 4.2 Terraform (Optional)

5. Ingress Controller (Optional)


Step 1 - Get Kubecost running on your AKS cluster

There are a few guides available, even in the Microsoft documentation, but I will share how to use the Helm chart provider in Terraform.

 1.1 - Create a kubecost namespace

resource "kubernetes_namespace" "kubecost" {
  metadata {
    annotations = {
      name = "kubecost-annotation"
    }
    name = "kubecost"
  }
}

 1.2 - Install the Kubecost Helm chart

resource "helm_release" "kubecost-helm" {
  name       = "kubecost"
  repository = "https://kubecost.github.io/cost-analyzer/"
  chart      = "cost-analyzer"
  namespace  = kubernetes_namespace.kubecost.metadata[0].name

  set {
    name  = "kubecostToken"
    value = "aGVsbUBrdWJlY29zdC5jb20=xm343yadf98"
    #value = "YWJkdWwubXVuaXI5NEBvdXRsb29rLmNvbQ==xm343yadf98"
  }
}

For the kubetoken, you may use either one, as both work as per my testing.

Then you can apply the Terraform code. If you want to add other parameters, you may add them like what has been done here - kubecost helm

  set {
    name  = "kubecostProductConfigs.clusterName"
    value = var.aks-name
  }

  set {
    name  = "ingress.enabled"
    value = true
  }

  set {
    name  = "ingress.hosts"
    value = "kubecost.munirtajudin.xyz"
  }

  # Set the currency
  set {
    name  = "kubecostProductConfigs.currencyCode"
    value = "USD"
  }

  # Set the region
  set {
    name  = "kubecostProductConfigs.azureBillingRegion"
    value = "US"
  }

  # Generate a secret based on the Azure configuration provided below
  set {
    name  = "kubecostProductConfigs.createServiceKeySecret"
    value = true
  }

  # Azure Subscription ID
  set {
    name  = "kubecostProductConfigs.azureSubscriptionID"
    value = var.sub-id
  }

  # Azure Client ID
  set {
    name  = "kubecostProductConfigs.azureClientID"
    value = var.client-id
  }

  # Azure Client Password
  set {
    name  = "kubecostProductConfigs.azureClientPassword"
    value = var.client-sec
  }

  # Azure Tenant ID
  set {
    name  = "kubecostProductConfigs.azureTenantID"
    value = var.tenant-id
  }
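
The Azure service-key settings above with the SPN secret passed through set_sensitive, so its value is not shown in the plan diff. This is an added example, not the author's code; it assumes the block-style set syntax of the Helm provider used in this post, and the variable declarations are assumed.

```hcl
# Added example: variable declarations are assumed; names follow the post.
variable "sub-id" { type = string }
variable "client-id" { type = string }
variable "tenant-id" { type = string }
variable "client-sec" {
  type      = string
  sensitive = true # redacted in plan/apply output
}

resource "helm_release" "kubecost-helm" {
  name       = "kubecost"
  repository = "https://kubecost.github.io/cost-analyzer/"
  chart      = "cost-analyzer"
  namespace  = kubernetes_namespace.kubecost.metadata[0].name

  # The other set blocks from the post (token, cluster name, ingress,
  # currency, region) stay as they are and are left out here.

  set {
    name  = "kubecostProductConfigs.createServiceKeySecret"
    value = true
  }
  set {
    name  = "kubecostProductConfigs.azureSubscriptionID"
    value = var.sub-id
  }
  set {
    name  = "kubecostProductConfigs.azureClientID"
    value = var.client-id
  }
  set {
    name  = "kubecostProductConfigs.azureTenantID"
    value = var.tenant-id
  }

  # A plain set block shows its value in the plan diff;
  # set_sensitive keeps the client secret out of it.
  set_sensitive {
    name  = "kubecostProductConfigs.azureClientPassword"
    value = var.client-sec
  }
}
```

The client secret is still stored in the Terraform state and in the Helm release data inside the cluster, so restrict access to both.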

You may port-forward to 9090 and access the Kubecost dashboard. Do give it a few minutes, because Kubecost will take some time to collect the metrics.

See you in Part 2, which will focus on enabling cloud integration with Azure Cost Management.

Thanks for reading, and do provide feedback if any.
