Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
This document provides the steps for installing the Kubecost product from the AWS marketplace. More info pricing of different Kubecost versions.
To deploy Kubecost from AWS Marketplace, you need to assign an IAM policy with appropriate IAM permission to a Kubernetes service account before starting the deployment. You can either use AWS managed policy arn:aws:iam::aws:policy/AWSMarketplaceMeteringRegisterUsage or create your own IAM policy. You can learn more with AWS' Create and attach your first customer managed policy tutorial.
Here's an example IAM policy:
We recommend doing this via eksctl. The command below helps to automate these manual steps:
Create an IAM role with AWS-managed IAM policy.
Create a K8s service account name awsstore-serviceaccount in your Amazon EKS cluster.
Set up a trust relationship between the created IAM role with awsstore-serviceaccount.
Modify awsstore-serviceaccount annotation to associate it with the created IAM role
Remember to replace CLUSTER_NAME with your actual Amazon EKS cluster name.
More details and how to set up the appropriate trust relationships is available here.
Your Amazon EKS cluster needs to have IAM OIDC provider enabled to set up IRSA. Learn more with AWS' Creating an IAM OIDC provider for your cluster doc.
Define which available version you would like to install using this following command You can check available version titles from the AWS Marketplace product, e.g: prod-1.95.0:
export IMAGETAG=<VERSION-TITLE>
Deploy Kubecost with Helm using the following command:
Run this command to enable port-forwarding and access the Kubecost UI:
You can now start monitoring your Amazon EKS cluster cost with Kubecost by visiting http://localhost:9090.
Installing Kubecost on an Alibaba cluster is the same as other cloud providers with Helm v3.1+:
helm install kubecost/cost-analyzer -n kubecost -f values.yaml
Your values.yaml files must contain the below parameters:
The alibaba-service-key can be created using the following command:
Your path needs a file having Alibaba Cloud secrets. Alibaba secrets can be passed in a JSON file with the file in the format:
These two can be generated in the Alibaba Cloud portal. Hover over your user account icon, then select AccessKey Management. A new window opens. Select Create AccessKey to generate a unique access token that will be used for all activities related to Kubecost.
Currently, Kubecost does not support complete integration of your Alibaba billing data like for other major cloud providers. Instead, Kubecost will only support public pricing integration, which will provide proper list prices for all cloud-based resources. Features like reconciliation and savings insights are not available for Alibaba. For more information on setting up a public pricing integration, see our Multi-Cloud Integrations doc.
While getting all the available Storage Classes that the Alibaba K8s cluster comes with, there may not be a default storage class. Kubecost installation may fail as the cost-model pod and Prometheus server pod would be in a status pending state.
To fix this issue, make any of the Storage Classes in the Alibaba K8s cluster as Default using the below command:
Following this, installation should proceed as normal.
The following requirements are given:
Rancher with default monitoring
Use of an existing Prometheus and Grafana (Kubecost will be installed without Prometheus and Grafana)
Istio with gateway and sidecar for deployments
Kubecost v1.85.0+ includes changes to support cAdvisor metrics without the container_name rewrite rule.
Istio is activated by editing the namespace. To do this, execute the command kubectl edit namespace kubecost and insert the label istio-injection: enabled
After Istio has been activated, some adjustments must be made to the deployment with kubectl -n kubecost edit deployment kubecost-cost-analyzer to allow communication within the namespace. For example, the healtch-check is completed successfully. When editing the deployment, the two annotations must be added:
An authorization policy governs access restrictions in namespaces and specifies how resources within a namespace are allowed to access it.
Peer authentication is used to set how traffic is tunneled to the Istio sidecar. In the example, enforcing TLS is disabled so that Prometheus can grab the metrics from Kubecost (if this action is not performed, it returns at HTTP 503 error).
A destination rule is used to specify how traffic should be handled after routing to a service. In my case, TLS is disabled for connections from Kubecost to Prometheus and Grafana (namespace "cattle-monitoring-system").
A virtual service is used to direct data traffic specifically to individual services within the service mesh. The virtual service defines how the routing should run. A gateway is required for a virtual service.
After creating the virtual service, Kubecost should be accessible at the URL http(s)://${gateway}/kubecost/.
Installing Kubecost on a GKE Autopilot cluster is similar to other cloud providers with Helm v3.1+, with a few changes. Autopilot requires the use of Google Managed Prometheus service, which generates additional costs within your Google Cloud account.
helm install kubecost/cost-analyzer -n kubecost -f values.yaml
Your values.yaml files must contain the below parameters. Resources are specified for each section of the Kubecost deployment, and Pod Security Policies are disabled.
Open the OperatorConfig on your Autopilot Cluster resource for editing:
Add the following collection section to the resource:
Save the file and close the editor. After a short time, the Kubelet metric endpoints will be scraped and the metrics become available for querying in Managed Service for Prometheus.
Rafay is a SaaS-first Kubernetes Operations Platform (KOP) with enterprise-class scalability, zero-trust security and interoperability for managing applications across public clouds, data centers & edge.
See Rafay documentation to learn more about the platform and how to use it.
This document will walk you through installing Kubecost on a cluster that has been provisioned or imported using the Rafay controller. The steps below describe how to create and use a custom cluster blueprint via the Rafay Web Console. The entire workflow can also be fully automated and embedded into an automation pipeline using the RCTL CLI utility or Rafay REST APIs.
You have already provisioned or imported one or more Kubernetes clusters using the Rafay controller.
Under Integrations:
Select Repositories and create a new repository named kubecost of type Helm.
Select Create.
Enter the endpoint value of https://kubecost.github.io/cost-analyzer/.
Select Save.
You'll need to override the default values.yaml file. Create a new file called kubecost-custom-values.yaml with the following content:
Login to the Rafay Web Console and navigate to your Project as an Org Admin or Infrastructure Admin.
Under Infrastructure, select Namespaces and create a new namespace called kubecost, and select type Wizard.
Select Save & Go to Placement.
Select the cluster(s) that the namespace will be added to. Select Save & Go To Publish.
Select Publish to publish the namespace to the selected cluster(s).
Once the namespace has been published, select Exit.
Under Infrastructure, select Clusters.
Select the kubectl button on the cluster to open a virtual terminal.
Verify that the kubecost namespace has been created by running the following command:
From the Web Console:
Select Add-ons and Create a new add-on called kubecost.
Select Bring your own.
Select Helm 3 for type.
Select Pull files from repository.
Select Helm for the repository type.
Select kubecost for the namespace.
Select Select.
Create a new version of the add-on.
Select New Version.
Provide a version name such as v1.
Select kubecost for the repository.
Enter cost-analyzer for the chart name.
Upload the kubecost-custom-values.yaml file that was previously created.
Select Save Changes.
Once you've created the Kubecost add-on, use it in assembling a custom cluster blueprint. You can add other add-ons to the same custom blueprint.
Under Infrastructure, select Blueprints.
Create a new blueprint and give it a name such as kubecost.
Select Save.
Create a new version of the blueprint.
Select New Version.
Provide a version name such as v1.
Under Add-Ons, select the kubecost Add-on and the version that was previously created.
Select Save Changes.
You may now apply this custom blueprint to a cluster.
Select Options for the target cluster in the Web Console.
Select Update Blueprint and select the kubecost blueprint and version you created previously.
Select Save and Publish.
This will start the deployment of the add-ons configured in the kubecost blueprint to the targeted cluster. The blueprint sync process can take a few minutes. Once complete, the cluster will display the current cluster blueprint details and whether the sync was successful or not.
You can optionally verify whether the correct resources have been created on the cluster. Select the kubectl button on the cluster to open a virtual terminal.
Then, verify the pods in the kubecost namespace. Run kubectl get pod -n kubecost, and check that the output is similar to the example below.
In order to access the Kubecost UI, you'll need to enable access to the frontend application using port-forward. To do this, download and use the Kubeconfig with the KubeCTL CLI (../../accessproxy/kubectl_cli/).
You can now access the Kubecost UI by visiting http://localhost:9090 in your browser.
You have now successfully created a custom cluster blueprint with the kubecost add-on and applied to a cluster. Use this blueprint on as many clusters as you require.
You can find Rafay's documentation on Kubecost as well as guides for how to create or import a cluster using the Rafay controller on the Rafay Product Documentation site.
Amazon Elastic Kubernetes Services (Amazon EKS) is a managed container service to run and scale Kubernetes applications in the AWS cloud. In collaboration with Amazon EKS, Kubecost provides optimized bundle for Amazon EKS cluster cost visibility that enables customers to accurately track costs by namespace, cluster, pod or organizational concepts such as team or application. Customers can use their existing AWS support agreements to obtain support. Kubernetes platform administrators and finance leaders can use Kubecost to visualize a breakdown of their Amazon EKS cluster charges, allocate costs, and chargeback organizational units such as application teams.
In this article, you will learn more about how the Amazon EKS architecture interacts with Kubecost. You will also learn to deploy Kubecost on EKS using one of three different methods:
Deploy Kubecost on an Amazon EKS cluster using Amazon EKS add-on
Deploy Kubecost on an Amazon EKS cluster via Helm
Deploy Kubecost on an Amazon EKS Anywhere cluster using Helm
User experience diagram:
Amazon EKS cost monitoring with Kubecost architecture:
Subscribe to Kubecost on AWS Marketplace here.
You have access to an Amazon EKS cluster.
After subscribing to Kubecost on AWS Marketplace and following the on-screen instructions successfully, you are redirected to Amazon EKS console. To get started in the Amazon EKS console, go to your EKS clusters, and in the Add-ons tab, select Get more add-ons to find Kubecost EKS add-ons in the cluster setting of your existing EKS clusters. You can use the search bar to find "Kubecost - Amazon EKS cost monitoring" and follow the on-screen instructions to enable Kubecost add-on for your Amazon EKS cluster. You can learn more about direct deployment to Amazon EKS clusters from this AWS blog post.
On your workspace, run the following command to enable the Kubecost add-on for your Amazon EKS cluster:
You need to replace $YOUR_CLUSTER_NAME and $AWS_REGION accordingly with your actual Amazon EKS cluster name and AWS region.
To monitor the installation status, you can run the following command:
The Kubecost add-on should be available in a few minutes. Run the following command to enable port-forwarding to expose the Kubecost dashboard:
To disable Kubecost add-on, you can run the following command:
To get started, you can follow these steps to deploy Kubecost into your Amazon EKS cluster in a few minutes using Helm.
You have access to an Amazon EKS cluster.
If your cluster is version 1.23 or later, you must have the Amazon EBS CSI driver installed on your cluster. You can also follow these instructions to install Amazon EBS CSI driver:
Run the following command to create an IAM service account with the policies needed to use the Amazon EBS CSI Driver.
Remember to replace $CLUSTER_NAME with your actual cluster name.
Install the Amazon EBS CSI add-on for EKS using the AmazonEKS_EBS_CSI_DriverRole by issuing the following command:
After completing these prerequisite steps, you're ready to begin EKS integration.
In your environment, run the following command from your terminal to install Kubecost on your existing Amazon EKS cluster:
To install Kubecost on Amazon EKS cluster on AWS Graviton2 (ARM-based processor), you can run following command:
On the Amazon EKS cluster with mixed processor architecture worker nodes (AMD64, ARM64), this parameter can be used to schedule Kubecost deployment on ARM-based worker nodes: --set nodeSelector."beta\\.kubernetes\\.io/arch"=arm64
Remember to replace $VERSION with the actual version number. You can find all available versions via the Amazon ECR public gallery here.
By default, the installation will include certain prerequisite software including Prometheus and kube-state-metrics. To customize your deployment, such as skipping these prerequisites if you already have them running in your cluster, you can configure any of the available values to modify storage, network configuration, and more.
Run the following command to enable port-forwarding to expose the Kubecost dashboard:
You can now access Kubecost's UI by visiting http://localhost:9090 in your local web browser. Here, you can monitor your Amazon EKS cluster cost and efficiency. Depending on your organization’s requirements and setup, you may have different options to expose Kubecost for internal access. There are a few examples that you can use for your references:
See Kubecost's Ingress Examples doc as a reference for using Nginx ingress controller with basic auth.
You can also consider using AWS LoadBalancer controller to expose Kubecost and use Amazon Cognito for authentication, authorization, and user management. You can learn more via the AWS blog post Authenticate Kubecost Users with Application Load Balancer and Amazon Cognito.
Deploying Kubecost on EKS Anywhere via Helm is not the officially recommended method by Kubecost or AWS. The recommended method is via EKS add-on (see above).
Amazon EKS Anywhere (EKS-A) is an alternate deployment of EKS which allows you to create and configure on-premises clusters, including on your own virtual machines. It is possible to deploy Kubecost on EKS-A clusters to monitor spend data.
Deploying Kubecost on an EKS-A cluster should function similarly at the cluster level, such as when retrieving Allocations or Assets data. However, because on-prem servers wouldn't be visible in a CUR (as the billing source is managed outside AWS), certain features like the Cloud Cost Explorer will not be accessible.
You have installed the EKS-A installer and have access to an Amazon EKS-A cluster.
In your environment, run the following command from your terminal to install Kubecost on your existing Amazon EKS cluster:
To install Kubecost on an EKS-A cluster on AWS Graviton2 (ARM-based processor), you can run following command:
On the Amazon EKS cluster with mixed processor architecture worker nodes (AMD64, ARM64), this parameter can be used to schedule Kubecost deployment on ARM-based worker nodes: --set nodeSelector."beta\\.kubernetes\\.io/arch"=arm64
Remember to replace $VERSION with the actual version number. You can find all available versions via the Amazon ECR public gallery here.
By default, the installation will include certain prerequisite software including Prometheus and kube-state-metrics. To customize your deployment, such as skipping these prerequisites if you already have them running in your cluster, you can configure any of the available values to modify storage, network configuration, and more.
Run the following command to enable port-forwarding to expose the Kubecost dashboard:
You can now access Kubecost's UI by visiting http://localhost:9090 in your local web browser. Here, you can monitor your Amazon EKS cluster cost and efficiency through the Allocations and Assets pages.
Amazon EKS documentation:
AWS blog content:
This article is the primary reference for installing Kubecost in an air-gapped environment with a user-managed container registry.
This section details all required and optional Kubecost images. Optional images are used depending on the specific configuration needed.
Please substitute the appropriate version for prod-x.xx.x. .
To find the exact images used for each Kubecost release, a command such as this can be used:
The alpine/k8s image is not used in real deployments. It is only in the Helm chart for testing purposes.
Frontend: gcr.io/kubecost1/frontend
CostModel: gcr.io/kubecost1/cost-model
NetworkCosts: gcr.io/kubecost1/kubecost-network-costs (used for )
Cluster controller: gcr.io/kubecost1/cluster-controller:v0.9.0 (used for write actions)
BusyBox: registry.hub.docker.com/library/busybox:latest (only for NFS)
quay.io/prometheus/prometheus
prom/node-exporter
quay.io/prometheus-operator/prometheus-config-reloader
grafana/grafana
kiwigrid/k8s-sidecar
thanosio/thanos
There are two options to configure asset prices in your on-premise Kubernetes environment:
When setting CPU and RAM monthly prices, the values will be broken down to the hourly rate for the total monthly price set under kubecost.ProductConfigs.defaultModelPricing. The values will adjust accordingly in /var/configs/default.json in the kubecost cost-model container.
This method allows each individual asset in your environment to have a unique price. This leverages the Kubecost custom CSV pipeline which is available on Enterprise plans.
Kubecost supports deploying to Red Hat OpenShift (OCP) and includes options and features which assist in getting Kubecost running quickly and easily with OpenShift-specific resources.
There are two main options to deploy Kubecost on OpenShift.
More details and instructions on both deployment options are covered in the sections below.
A standard deployment of Kubecost to OpenShift is no different from deployments to other platforms with the exception of additional settings which may be required to successfully deploy to OpenShift.
Kubecost is installed with Cost Analyzer and Prometheus as a time-series database. Data is gathered by the Prometheus instance bundled with Kubecost. Kubecost then pushes and queries metrics to and from Prometheus.
The standard deployment is illustrated in the following diagram.
An existing OpenShift or OpenShift-compatible cluster (ex., OKD).
Access to the cluster to create a new project and deploy new workloads.
helm CLI installed locally.
Add the Kubecost Helm chart repository and scan for new charts.
Install Kubecost using OpenShift specific values. Note that the below command fetches the OpenShift values from the development branch which may not reflect the state of the release which was just installed. We recommend using the corresponding values file from the chart release.
Because OpenShift disallows defining certain fields in a pod's securityContext configuration, values specific to OpenShift must be used. The necessary values have already been defined in the OpenShift values file but may be customized to your specific needs.
If you want to install Kubecost with your desired cluster name, provide the following values to either your values override file or via the --set command. Remember to replace the cluster name/id with the value you wish to use for this installation.
After installation, wait for all pods to be ready. Kubecost will begin collecting data and may take up to 15 minutes for the UI to reflect the resources in the local cluster.
An existing OpenShift cluster.
Access to the cluster to create a new project and deploy new workloads.
Log in to your OCP cluster web console and select Operators > OperatorHub > then enter "Kubecost" in the search box.
Click the Install button to be taken to the operator installation page.
On the installation page, select the update approval method and then click Install.
Once the operator has been installed, create a namespace in which to deploy a Kubecost installation.
You can also select Operators > Installed Operators to review the details as shown below.
Once the namespace has been created, create the CostAnalyzer Custom Resource (CR) with the desired values for your installation. The CostAnalyzer CR represents the total Helm values used to deploy Kubecost and any of its components. This may either be created in the OperatorHub portal or via the oc CLI. The default CostAnalyzer sample provided is pre-configured for a basic installation of Kubecost.
To create the CostAnalyzer resource from OperatorHub, from the installed Kubecost operator page, click on the CostAnalyzer tab and click the Create CostAnalyzer button.
Click on the radio button YAML view to see a full example of a CostAnalyzer CR. Here, you can either create a CostAnalyzer directly or download the Custom Resource for later use.
Change the namespace field to kubecost if this was the name of your namespace created previously.
Click the Create button to create the CostAnalyzer based on the current YAML.
After about a minute, Kubecost should be up and running based upon the configuration defined in the CostAnalyzer CR. You can get details on this installation by clicking on the instance which was just deployed.
is a free, open-source tool that enables you to deploy Kubecost on Kubernetes with the cloud provider of your choice. Plural is an open-source DevOps platform for self-hosting applications on Kubernetes without the management overhead. With baked-in SSO, automated upgrades, and secret encryption, you get all the benefits of a managed service with none of the lock-in or cost.
Kubecost is available as direct install with Plural, and it synergizes very well with the ecosystem, providing cost monitoring out of the box to users that deploy their Kubernetes clusters with Plural.
First, create an account on . This is only to track your installations and allow for the delivery of automated upgrades. You will not be asked to provide any infrastructure credentials or sensitive information.
Next, install the Plural CLI by following steps 1-3 of .
You'll need a Git repository to store your Plural configuration. This will contain the Helm charts, Terraform config, and Kubernetes manifests that Plural will autogenerate for you.
You have two options:
Run plural init in any directory to let Plural initiate an OAuth workflow to create a Git repo for you.
Create a Git repo manually, clone it down, and run plural init inside it.
Running plural init will start a configuration wizard to configure your Git repo and cloud provider for use with Plural. You're now ready to install Kubecost on your Plural repo.
To find the console bundle name for your cloud provider, run:
Now, to add it your workspace, run the install command. If you're on AWS, this is what the command would look like:
Plural's Kubecost distribution has support for AWS, GCP, and Azure, so feel free to pick whichever best fits your infrastructure.
To generate the configuration and deploy your infrastructure, run:
Note: Deploys will generally take 10-20 minutes, based on your cloud provider.
To make management of your installation as simple as possible, we recommend installing the Plural Console. The console provides tools to manage resource scaling, receiving automated upgrades, creating dashboards tailored to your Kubecost installation, and log aggregation. This can be done using the exact same process as above, using AWS as an example:
Now, head over to kubecost.YOUR_SUBDOMAIN.onplural.sh to access the Kubecost UI. If you set up a different subdomain for Kubecost during installation, make sure to use that instead.
To monitor and manage your Kubecost installation, head over to the Plural Console at console.YOUR_SUBDOMAIN.onplural.sh.
To bring down your Plural installation of Kubecost at any time, run:
To bring your entire Plural deployment down, run:
Note: Only do this if you're absolutely sure you want to bring down all associated resources with this repository.
Per-resource prices can be configured in a Helm values file () or directly in the Kubecost Settings page. This allows you to directly supply the cost of a certain Kubernetes resources, such as a CPU month, a RAM Gb month, etc.
Use quotes if setting "0.00" for any item under . Failure to do so will result in the value(s) not being written to the Kubecost cost-model's PV (/var/configs/default.json).
Use a proxy for the AWS pricing API. You can set AWS_PRICING_URL via the to the address of your proxy.
Other OpenShift-specific values include the ability to deploy a Route and SecurityContextConstraints for optional components requiring more privileges such as Kubecost network costs and Prometheus node exporter. To view all the latest OpenShift-specific values and their use, please see the .
If you have not opted to do so during installation, it may be necessary to create a Route to the service kubecost-cost-analyzer on port 9090 of the kubecost project (if using default values). For more information on Routes, see the OpenShift documentation .
Kubecost offers a Red Hat community operator which can be found in the Operator Hub catalog of the OpenShift web console. When using this deployment method, the operator is installed and a Kubernetes is created which then triggers the operator to deploy the Helm chart. The chart deployed by the community operator is the same chart which is referenced in the standard deployment.
If you have not opted to do so during installation, it may be necessary to create a Route to the service kubecost-cost-analyzer on port 9090 of the kubecost project (if using default values). For more information on Routes, see the OpenShift documentation .
The CLI will prompt you to choose whether you want to use Plural OIDC. allows you to log in to the applications you host on Plural with your acting as an SSO provider.
If you have any issues with installing Kubecost on Plural, feel free to join the Plural and we can help you out.
If you'd like to request any new features for our Kubecost installation, feel free to open an issue or PR .
To learn more about what you can do with Plural and more advanced uses of the platform, feel free to dive deeper into .
