This repo contains settings that are frequently required in OpenShift and other clusters requiring specific container security constraints.
There are two templates for container SecurityContexts:
values-restricted-podsecurity.yaml
values-unrestricted-podsecurity.yaml
One of them must be used, or Helm will fail with nil pointer errors.
helm upgrade --install kubecost \
--repo https://raw.githubusercontent.com/kubecost/openshift-helm-chart/main/ cost-analyzer \
--namespace kubecost --create-namespace \
-f https://raw.githubusercontent.com/kubecost/openshift-helm-chart/main/values-openshift.yaml
1. Customize the configuration:
Cluster Name: Every cluster needs a unique cluster name. Update CLUSTER_NAME and any other configurations in values-custom.yaml, then save the file to your local repo.
Note: All changes to the helm install should be made in values-custom.yaml, leaving all other values files as they are.
Shared Storage: Each cluster will write to a shared object-store (S3/Thanos compatible). See this repo for example object-store.yaml configurations under the appropriate provider. Any Thanos supported storage will work.
oc create secret generic kubecost-thanos --from-file=object-store.yaml=[/path/to/file/]object-store.yaml -n kubecost
Cloud Integration: Cloud Integration is optional and only used on a primary cluster. If enabled, Kubecost will pull actual billing from the cloud provider to reconcile the short-term OnDemand prices with the actual billing. See this repo for examples for each cloud provider.
If not using cloud integration, comment out the secret in values-custom.yaml.
Note that on-prem custom pricing is supported as well. Contact us for help with this.
2. Install Kubecost Primary Cluster
A Kubecost primary cluster can be run in any account or on-prem; it does not need to run in the "master payer account".
Edit values-custom.yaml with any settings that differ from the repo defaults.
helm upgrade --install kubecost \
--repo https://raw.githubusercontent.com/kubecost/openshift-helm-chart/main/ cost-analyzer \
--namespace kubecost --create-namespace \
-f https://raw.githubusercontent.com/kubecost/openshift-helm-chart/main/cost-analyzer/disable-psps.yaml \
-f https://raw.githubusercontent.com/kubecost/openshift-helm-chart/main/cost-analyzer/values-thanos.yaml \
-f https://raw.githubusercontent.com/kubecost/openshift-helm-chart/main/cost-analyzer/values-unrestricted-podsecurity.yaml \
-f https://raw.githubusercontent.com/kubecost/openshift-helm-chart/main/cost-analyzer/kubecost-primary-cluster-settings.yaml \
-f path-to/values-custom.yaml
3. Install Kubecost agent-only clusters
Note: values-custom.yaml should have a unique cluster name for each cluster.
helm upgrade --install kubecost \
--repo https://raw.githubusercontent.com/kubecost/openshift-helm-chart/main/ cost-analyzer \
--namespace kubecost --create-namespace \
-f https://raw.githubusercontent.com/kubecost/openshift-helm-chart/main/cost-analyzer/disable-psps.yaml \
-f https://raw.githubusercontent.com/kubecost/openshift-helm-chart/main/cost-analyzer/values-thanos.yaml \
-f https://raw.githubusercontent.com/kubecost/openshift-helm-chart/main/cost-analyzer/values-unrestricted-podsecurity.yaml \
-f https://raw.githubusercontent.com/kubecost/openshift-helm-chart/main/cost-analyzer/kubecost-secondary-cluster-settings.yaml \
-f path-to/values-custom.yaml
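The multi-file installs in steps 2 and 3 depend on three things the text states: one podsecurity template is passed, values-custom.yaml comes last so its overrides win (Helm gives the rightmost -f file precedence), and the CLUSTER_NAME placeholder has been replaced. The preflight below is an added example, not part of this repo; the function name `preflight_values`, the sample key, treating "both templates" as an error, and the placeholder appearing literally as CLUSTER_NAME are assumptions.

```shell
#!/bin/sh
# Added example (not from the repo): check the -f list before running helm.
# Usage: preflight_values FILE_OR_URL...   (same order as the helm -f flags)
preflight_values() {
    podsec=0
    last=""
    for f in "$@"; do
        case "${f##*/}" in
            values-restricted-podsecurity.yaml|values-unrestricted-podsecurity.yaml)
                podsec=$((podsec + 1)) ;;
        esac
        last=$f
    done
    # Zero templates breaks the render; two means the later one silently
    # overrides the earlier (treated as a mistake here, an assumption).
    if [ "$podsec" -ne 1 ]; then
        echo "expected exactly one podsecurity template, found $podsec" >&2
        return 1
    fi
    # Helm gives the rightmost -f file precedence, so local overrides go last.
    if [ "${last##*/}" != "values-custom.yaml" ]; then
        echo "values-custom.yaml must be the last -f file" >&2
        return 2
    fi
    if [ ! -r "$last" ]; then
        echo "cannot read $last" >&2
        return 3
    fi
    # Assumption: an unedited file still carries the literal CLUSTER_NAME.
    if grep -q 'CLUSTER_NAME' "$last"; then
        echo "$last still contains the CLUSTER_NAME placeholder" >&2
        return 4
    fi
    return 0
}

# Constructed sample: an edited values-custom.yaml (key name is hypothetical).
demo_dir=$(mktemp -d)
printf 'clusterName: prod-east-1\n' > "$demo_dir/values-custom.yaml"
base=https://raw.githubusercontent.com/kubecost/openshift-helm-chart/main/cost-analyzer
preflight_values "$base/disable-psps.yaml" "$base/values-thanos.yaml" \
    "$base/values-unrestricted-podsecurity.yaml" \
    "$base/kubecost-primary-cluster-settings.yaml" \
    "$demo_dir/values-custom.yaml" && echo "preflight ok"
rm -rf "$demo_dir"
```

The function only inspects file names and the local values-custom.yaml; it does not fetch or validate the remote values files.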
Wait for all pods to be ready.
Create a route to the service kubecost-cost-analyzer on port 9090 of the kubecost project. You can learn more about how to do it on your OpenShift portal in this LINK
Kubecost will begin collecting data. Please wait 5-15 minutes for the UI to reflect the resources in the local cluster if using a single cluster install. Wait 4 hours if using Thanos.
For advanced setup or if you have any questions, you can contact us on Slack or email at [email protected]
To participate in our free Enterprise onboarding program, contact us at [email protected] to schedule these sessions!