Kubecost needs access to the Microsoft Azure Billing Rate Card API to access accurate pricing data for your Kubernetes resources.
Note: you can also get this functionality plus external costs by completing the full Azure billing integration.
Start by creating an Azure role definition. Below is an example definition, replace YOUR_SUBSCRIPTION_ID with the Subscription ID where your Kubernetes Cluster lives:
{
"Name": "KubecostRole",
"IsCustom": true,
"Description": "Rate Card query role",
"Actions": [
"Microsoft.Compute/virtualMachines/vmSizes/read",
"Microsoft.Resources/subscriptions/locations/read",
"Microsoft.Resources/providers/read",
"Microsoft.ContainerService/containerServices/read",
"Microsoft.Commerce/RateCard/read"
],
"AssignableScopes": [
"/subscriptions/YOUR_SUBSCRIPTION_ID"
]
}Save this into a file called myrole.json
Next, you'll want to register that role with Azure:
az role definition create --verbose --role-definition @myrole.jsonNext, create an Azure Service Principal.
az ad sp create-for-rbac --name "KubecostAccess" --role "KubecostRole" --sdk-auth true > my_credentials.jsonThe newly created my_credentials.json file will contain the relevant configuration information.
Kubecost supports querying the Azure APIs for cost data based on the region and currency you have configured in your Microsoft Agreement.
Those properties are configured with the following helm values:
kubecostProductConfigs.azureBillingRegionkubecostProductConfigs.currencyCode
Be sure to reference you billing information with Microsoft and update the above helm values to reflect your bill to country and currency.
The following Microsoft documents are a helpful reference:
- Azure Pricing FAQ
- Geographic availability and currency support for the commercial marketplace
- Azure Portal > Cost Management + Billing > Billing Account Properties
Create a file called service-key.json and update it with the Service Principal details from the above steps:
{
"subscriptionId": "<Azure Subscription ID>",
"serviceKey": {
"appId": "<Azure AD App ID>",
"password": "<Azure AD Client Secret>",
"tenant": "<Azure AD Tenant ID>"
}
}Next, create a secret for the Azure Service Principal
Note: When managing the service account key as a Kubernetes secret, the secret must reference the service account key json file, and that file must be named
service-key.json.
kubectl create secret generic azure-service-key -n kubecost --from-file=service-key.jsonFinally, set the kubecostProductConfigs.serviceKeySecretName helm value to the name of the Kubernetes secret you created. We use the value azure-service-key in our examples.
Additionally, the Helm value
kubecostProductConfigs.azureOfferDurableIDcan be modified to use the Offer Durable ID of your subscription, which can be found in the Azure Portal under Subscriptions. The default value isMS-AZR-0003Pwhich is a pay-as-you-go subscription.
In the Helm values file:
kubecostProductConfigs:
azureSubscriptionID: <Azure Subscription ID>
azureClientID: <Azure AD App ID>
azureTenantID: <Azure AD Tenant ID>
azureClientPassword: <Azure AD Client Secret>
azureOfferDurableID: MS-AZR-0003P
azureBillingRegion: US
currencyCode: USD
createServiceKeySecret: trueOr at the command line:
helm upgrade --install kubecost kubecost/cost-analyzer -n kubecost \
--set kubecostProductConfigs.azureSubscriptionID=<Azure Subscription ID> \
--set kubecostProductConfigs.azureClientID=<Azure AD App ID> \
--set kubecostProductConfigs.azureTenantID=<Azure AD Tenant ID> \
--set kubecostProductConfigs.azureClientPassword=<Azure AD Client Secret> \
--set kubecostProductConfigs.azureOfferDurableID=MS-AZR-0003P \
--set kubecostProductConfigs.azureBillingRegion=US
--set kubecostProductConfigs.currencyCode=USD
--set kubecostProductConfigs.createServiceKeySecret=truePlease let us know if you run into any issues, we are here to help.
Slack community - check out the #support channel for any help you may need & drop your introduction in the #general channel
Email: [email protected]
Edit this doc on GitHub