Kubecost needs access to the Microsoft Azure Billing Rate Card API to access accurate pricing data for your Kubernetes resources.
Note: You can also get this functionality plus external costs by completing the full Azure billing integration.
Start by creating an Azure role definition. Below is an example definition, replace YOUR_SUBSCRIPTION_ID with the Subscription ID where your Kubernetes Cluster lives:
{
"Name": "KubecostRole",
"IsCustom": true,
"Description": "Rate Card query role",
"Actions": [
"Microsoft.Compute/virtualMachines/vmSizes/read",
"Microsoft.Resources/subscriptions/locations/read",
"Microsoft.Resources/providers/read",
"Microsoft.ContainerService/containerServices/read",
"Microsoft.Commerce/RateCard/read"
],
"AssignableScopes": [
"/subscriptions/YOUR_SUBSCRIPTION_ID"
]
}Save this into a file called myrole.json
Next, you'll want to register that role with Azure:
az role definition create --verbose --role-definition @myrole.jsonNext, create an Azure Service Principal.
az ad sp create-for-rbac --name "KubecostAccess" --role "KubecostRole" --scope "/subscriptions/YOUR_SUBSCRIPTION_ID" --output jsonKeep this information which is used in the service-key.json below.
Create a file called service-key.json and update it with the Service Principal details from the above steps:
{
"subscriptionId": "<Azure Subscription ID>",
"serviceKey": {
"appId": "<Azure AD App ID>",
"displayName": "KubecostAccess",
"password": "<Azure AD Client Secret>",
"tenant": "<Azure AD Tenant ID>"
}
}Next, create a secret for the Azure Service Principal
Note: When managing the service account key as a Kubernetes secret, the secret must reference the service account key JSON file, and that file must be named
service-key.json.
kubectl create secret generic azure-service-key -n kubecost --from-file=service-key.jsonFinally, set the kubecostProductConfigs.serviceKeySecretName helm value to the name of the Kubernetes secret you created. We use the value azure-service-key in our examples.
In the Helm values file:
kubecostProductConfigs:
azureSubscriptionID: <Azure Subscription ID>
azureClientID: <Azure AD App ID>
azureTenantID: <Azure AD Tenant ID>
azureClientPassword: <Azure AD Client Secret>
azureOfferDurableID: MS-AZR-0003P
azureBillingRegion: US
currencyCode: USD
createServiceKeySecret: trueOr at the command line:
helm upgrade --install kubecost kubecost/cost-analyzer -n kubecost \
--set kubecostProductConfigs.azureSubscriptionID=<Azure Subscription ID> \
--set kubecostProductConfigs.azureClientID=<Azure AD App ID> \
--set kubecostProductConfigs.azureTenantID=<Azure AD Tenant ID> \
--set kubecostProductConfigs.azureClientPassword=<Azure AD Client Secret> \
--set kubecostProductConfigs.azureOfferDurableID=MS-AZR-0003P \
--set kubecostProductConfigs.azureBillingRegion=US
--set kubecostProductConfigs.currencyCode=USD
--set kubecostProductConfigs.createServiceKeySecret=trueKubecost supports querying the Azure APIs for cost data based on the region, offer durable ID, and currency defined in your Microsoft Azure offer.
Those properties are configured with the following helm values:
kubecostProductConfigs.azureBillingRegionkubecostProductConfigs.azureOfferDurableIDkubecostProductConfigs.currencyCode
Be sure to verify your billing information with Microsoft and update the above Helm values to reflect your bill to country, subscription offer durable id/number, and currency.
The following Microsoft documents are a helpful reference: