# zone: cluster.local (use only if your DNS server doesn't live in the same zone as kubecost)
# Connection settings for the Prometheus instance that kubecost queries.
prometheus:
enabled: true # If false, Prometheus will not be installed -- please read this before disabling:https://github.com/kubecost/docs/blob/main/custom-prom.md
# NOTE(review): the example address below is plain http://. fqdn is only used when enabled is false (an external Prometheus), and the scheme comes from this value, so prefer https:// for that case.
fqdn: http://cost-analyzer-prometheus-server.default.svc #example address of a prometheus to connect to. Include protocol (http:// or https://) Ignored if enabled:true
# Leave insecureSkipVerify false outside of throwaway test setups: when true the TLS certificate check is skipped, so kubecost cannot tell the intended Prometheus from an impostor endpoint.
# insecureSkipVerify : false # If true, kubecost will not check the TLS cert of prometheus
# queryService: http://kubecost-thanos-query-frontend-http.kubecost:{{ .Values.thanos.queryFrontend.http.port }} # an address of the thanos query-frontend endpoint, if different from installed thanos
# The basic-auth credentials are referenced by Secret name here, so they do not need to be written into this file.
# queryServiceBasicAuthSecretName: mcdbsecret # kubectl create secret generic mcdbsecret -n kubecost --from-file=USERNAME --from-file=PASSWORD <---enter basic auth credentials like that
# queryOffset: 3h # The offset to apply to all thanos queries in order to achieve synchronization on all cluster block stores
# Settings for the Grafana instance linked from the kubecost frontend.
grafana:
enabled:true# If false, Grafana will not be installed
domainName: cost-analyzer-grafana.default.svc #example grafana domain Ignored if enabled:true
# NOTE(review): the default scheme is http. When domainName points at a Grafana outside the cluster network, https keeps dashboard traffic and any session cookies off the wire in clear text.
scheme:"http"# http or https, for the domain name above.
proxy:true# If true, the kubecost frontend will route to your grafana through its service endpoint
# fqdn: cost-analyzer-grafana.default.svc
# Amazon Managed Service for Prometheus
# Amazon Managed Service for Prometheus integration; disabled in this listing.
amp:
enabled:false# If true, kubecost will be configured to remote_write and query from Amazon Managed Service for Prometheus.
# <workspaceId> in the two URLs below is a placeholder to be replaced with the real workspace id.
prometheusServerEndpoint:https://localhost:8085/<workspaceId>/# The prometheus service endpoint used by kubecost. The calls are forwarded through the SigV4Proxy side car to the AMP workspace.
remoteWriteService:https://aps-workspaces.us-west-2.amazonaws.com/workspaces/<workspaceId>/api/v1/remote_write# The remote_write endpoint for the AMP workspace.
# Request-signing settings. The region here should match the region in the remoteWriteService hostname above.
sigv4:
region:us-west-2
# access_key / secret_key, if uncommented, put long-lived AWS credentials into this values file in plain text.
# Prefer the role_arn or profile options listed below so that no static key is stored here.
# access_key: ACCESS_KEY # AWS Access key
# secret_key: SECRET_KEY # AWS Secret key
# role_arn: ROLE_ARN # AWS role arn
# profile: PROFILE # AWS profile
# Alert delivery settings; every option below is commented out in this listing.
notifications:
# Kubecost alerting configuration
# Ref: http://docs.kubecost.com/alerts
# alertConfigs:
# frontendUrl: http://localhost:9090 # optional, used for linkbacks
# Slack and Teams incoming-webhook URLs act as credentials: anyone who holds the URL can post to the channel.
# Treat a values file that contains real webhook URLs as sensitive and keep it out of shared repositories.
# globalSlackWebhookUrl: https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX # optional, used for Slack alerts
# globalMsTeamsWebhookUrl: https://xxxxx.webhook.office.com/webhookb2/XXXXXXXXXXXXXXXXXXXXXXXX/IncomingWebhook/XXXXXXXXXXXXXXXXXXXXXXXX # optional, used for Microsoft Teams alerts
# NOTE(review): the parent key of these settings is not visible in this listing; the comments below mention SAML, so they presumably belong to the SAML login configuration — confirm against the chart.
# 1440 minutes is 24 hours: a JWT issued at login stays valid for a full day. Lower it if a shorter session lifetime is required.
authTimeout:1440# number of minutes the JWT will be valid
# NOTE(review): this points at a specific Auth0 tenant hostname, presumably left over as an example; replace it with your own identity provider's logout URL.
redirectURL:"https://dev-elu2z98r.auth0.com/v2/logout"# callback URL redirected to after logout
# audienceURI: "http://localhost:9090" # by convention, the same as the appRootURL, but any string uniquely identifying kubecost to your SAML IdP. Optional if you follow the convention
# nameIDFormat: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" If your SAML provider requires a specific nameid format
# isGLUUProvider: false # An additional URL parameter must be appended for GLUU providers
# Role mapping for SAML users, disabled as a whole in this listing.
# NOTE(review): indentation was lost here; the `- name:` entries are presumably items of `groups`, each with its own enabled / assertionName / assertionValues — confirm against the chart.
rbac:
enabled:false
groups:
# Per the inline comment below, leaving the admin group disabled means every SAML-authenticated user can change kubecost configuration.
# Enable it and list only the intended assertion values when configuration changes must be restricted.
- name:admin
enabled:false# if admin is disabled, all SAML users will be able to make configuration changes to the kubecost frontend
assertionName:"http://schemas.auth0.com/userType"# a SAML Assertion, one of whose elements has a value that matches on of the values in assertionValues
assertionValues:
- "admin"
- "superusers"
- name:readonly
enabled:false# if readonly is disabled, all users authorized on SAML will default to readonly
assertionName:"http://schemas.auth0.com/userType"
# NOTE(review): this key is spelled `assertionvalues` (lowercase v) while the admin and editor groups use `assertionValues`.
# If the consumer matches keys case-sensitively, the readonly group would end up with no assertion values — confirm and align the spelling.
assertionvalues:
- "readonly"
# editor is the only group enabled in this listing, even though rbac.enabled above is false.
- name:editor
enabled:true# if editor is enabled, editors will be allowed to edit reports/alerts scoped to them, and act as readers otherwise. Users will never default to editor.
assertionName:"http://schemas.auth0.com/userType"
assertionValues:
- "editor"
# OpenID Connect login settings, disabled in this listing.
oidc:
enabled:false
clientID:""# application/client client_id paramter obtained from provider, used to make requests to server
# A client secret filled in here sits in this values file in plain text. Only do that when the file itself is stored encrypted or kept out of version control.
clientSecret:""# application/client client_secret paramter obtained from provider, used to make requests to server
secretName:"kubecost-oidc-secret"# k8s secret where clientsecret will be stored
authURL:"https://my.auth.server/authorize"# endpoint for login to auth server
# NOTE(review): the example redirect below is http://, unlike the https:// provider URLs around it. The provider's response to this URL carries the login result, so it should be served over https.
loginRedirectURL:"http://my.kubecost.url/model/oidc/authorize"# Kubecost url configured in provider for redirect after authentication
discoveryURL:"https://my.auth.server/.well-known/openid-configuration"# url for OIDC endpoint discovery
# NOTE(review): the wording below is ambiguous; presumably access is restricted to accounts whose hd claim matches this domain — confirm before relying on it as an access control.
# hostedDomain: "example.com" # optional, blocks access to the auth domain specified in the hd claim of the provider ID token
# Adds an httpProxy as an environment variable. systemProxy.enabled must be `true` to have any effect.
# Component toggles for the monitoring stack.
# NOTE(review): indentation was lost in this listing, so each `enabled` / `disabled` key is presumably a child of the key directly above it — confirm against the chart.
serviceMonitor:# the kubecost included prometheus uses scrapeConfigs and does not support service monitors. The following options assume an existing prometheus that supports serviceMonitors.
# node-export must be disabled if there is an existing daemonset: https://guide.kubecost.com/hc/en-us/articles/4407601830679-Troubleshoot-Install#a-name-node-exporter-a-issue-failedscheduling-kubecost-prometheus-node-exporter
nodeExporter:
enabled:true
# kubecost emits pre-2.0 KSM metrics, KSM is enabled by default here for backwards compatibility, but can be disabled to save resources without concern to kubecost metrics
kubeStateMetrics:
enabled:true
# NOTE(review): this key uses `disabled` where the camelCase key above uses `enabled`; presumably both control the same component, so keep the two consistent — confirm.
kube-state-metrics:
disabled:false
pushgateway:
enabled:false
persistentVolume:
enabled:true
# NOTE(review): the parents of serverFiles and resources are not visible in this listing; the daemonset comment below suggests resources belongs to the network-traffic daemonset — confirm.
serverFiles:
# prometheus.yml: # Sample block -- enable if using an in cluster durable store.
# this daemonset can use significant resources on large clusters: https://guide.kubecost.com/hc/en-us/articles/4407595973527-Network-Traffic-Cost-Allocation
resources:
# Only a CPU limit is set. Removing it (limits:{}) leaves the daemonset unbounded on every node it runs on.
limits: # remove the limits by setting limits:{}
cpu:500m# can be less, will depend on cluster size
# memory: it is not recommended to set a memory limit
# Reporting and analytics switches. All four are on in this listing.
# NOTE(review): these presumably send data outside the cluster; confirm the destinations and review each against your data-egress policy.
# Kubecost bug report feature: Logs access/collection limited to .Release.Namespace
# Ref: http://docs.kubecost.com/bug-report
logCollection:true
# Basic frontend analytics
productAnalytics:true
# Report Javascript errors
errorReporting:true
# NOTE(review): valuesReporting has no description here. The name suggests chart values are reported; confirm what is sent, and whether credentials set inline in values.yaml could be included, before leaving it enabled.
valuesReporting:true
# googleAnalyticsTag allows you to embed your Google Global Site Tag to track usage of Kubecost.
# googleAnalyticsTag is only included in our Enterprise offering.
# googleAnalyticsTag: G-XXXXXXXXX
# ServiceMonitor and PrometheusRule objects for an existing Prometheus; all disabled in this listing.
# NOTE(review): a serviceMonitor line with the same text also appears earlier in this listing. Most YAML parsers silently keep the last of two duplicate keys at one level, so confirm the two sit under different parents.
serviceMonitor:# the kubecost included prometheus uses scrapeConfigs and does not support service monitors. The following options assume an existing prometheus that supports serviceMonitors.
enabled:false
additionalLabels:{}
networkCosts:
enabled:false
scrapeTimeout:10s
additionalLabels:{}
prometheusRule:
enabled:false
additionalLabels:{}
# Storage permission setup performed before kubecost starts.
supportNFS:false
# initChownDataImage ensures all Kubecost filepath permissions on PV or local storage are set up correctly.
# The bare name "busybox" carries no registry, tag or digest, so what actually runs depends on the node's default registry and a mutable default tag.
# For reproducible, auditable deployments use a fully qualified image pinned to a specific version tag or digest.
# NOTE(review): changing file ownership usually needs elevated privileges; confirm the security context this image runs with.
initChownDataImage:"busybox"# Supports a fully qualified Docker image, e.g. registry.hub.docker.com/library/busybox:latest
initChownData:
# No requests or limits are set for this container in this listing; the commented values below are examples.
resources:{}
#requests:
# cpu: "50m"
# memory: "20Mi"
# A second grafana key; its two namespace overrides are commented out here.
# NOTE(review): a grafana key also appears earlier in this listing; presumably the two sit under different parents — confirm, since a duplicate key at one level is silently last-wins in most YAML parsers.
grafana:
# namespace_datasources: kubecost # override the default namespace here
# namespace_dashboards: kubecost # override the default namespace here
# # Optional authentication credentials - only basic auth is currently supported.
# auth:
# type: basic
# # Secret name should be a secret formatted based on: https://github.com/kubecost/docs/blob/master/ingress-examples.md
# secretName: cluster-a-auth
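# # Or pass auth directly as base64-encoded user:pass (base64 is an encoding, not encryption, so this is a plaintext credential in values.yaml; prefer secretName)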
# data: YWRtaW46YWRtaW4=
# # Or user and pass directly
# user: admin
# pass: admin
# - name: "Cluster B"
# address: http://cluster-b.kubecost.com:9090
# defaultModelPricing: # default monthly resource prices, used predominately for on-prem clusters
# CPU: 28.0
# spotCPU: 4.86
# RAM: 3.09
# spotRAM: 0.65
# GPU: 693.50
# spotGPU: 225.0
# storage: 0.04
# zoneNetworkEgress: 0.01
# regionNetworkEgress: 0.01
# internetNetworkEgress: 0.12
# enabled: true
# # The cluster profile represents a predefined set of parameters to use when calculating savings.
# # Possible values are: [ development, production, high-availability ]
# clusterProfile: production
# customPricesEnabled: false # This makes the default view custom prices-- generally used for on-premises clusters
# spotLabel: lifecycle
# spotLabelValue: Ec2Spot
# gpuLabel: gpu
# gpuLabelValue: true
# awsServiceKeyName: ACCESSKEYID
# awsServiceKeyPassword: fakepassword # Only use if your values.yaml is stored encrypted. Otherwise provide an existing secret via serviceKeySecretName
# awsSpotDataRegion: us-east-1
# awsSpotDataBucket: spot-data-feed-s3-bucket
# awsSpotDataPrefix: dev
# athenaProjectID: "530337586277" # The AWS AccountID where the Athena CUR is. Generally your masterpayer account
# clusterName: "" # clusterName is the default context name in settings.
# currencyCode: "USD" # official support for USD, AUD, BRL, CAD, CHF, CNY, DKK, EUR, GBP, INR, JPY, NOK, PLN, SEK
# azureBillingRegion: US # Represents 2-letter region code, e.g. West Europe = NL, Canada = CA. ref: https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes
# serviceKeySecretName: "" # Use an existing AWS or Azure secret with format as in aws-service-key-secret.yaml or azure-service-key-secret.yaml. Leave blank if using createServiceKeySecret
# createServiceKeySecret: true # Creates a secret representing your cloud service key based on data in values.yaml. If you are storing unencrypted values, add a secret manually
# sharedNamespaces: "" # namespaces with shared workloads, example value: "kube-system\,ingress-nginx\,kubecost\,monitoring"
# sharedOverhead: "" # value representing a fixed external cost per month to be distributed among aggregations.
# shareTenancyCosts: true # enable or disable sharing costs such as cluster management fees (defaults to "true" on Settings page)
# metricsConfigs: # configuration for metrics emitted by Kubecost
# disabledMetrics: [] # list of metrics that Kubecost will not emit. Note that disabling metrics can lead to unexpected behavior in the cost-model.
# productKey: # apply business or enterprise product license
# key: ""
# enabled: false
# secretname: productkeysecret # create a secret out of a file named productkey.json of format { "key": "kc-b1325234" }
# mountPath: "/some/custom/path/productkey.json" # (use instead of secretname) declare the path at which the product key file is mounted (eg. by a secrets provisioner). The file must be of format { "key": "kc-b1325234" }
# cloudIntegrationSecret: "cloud-integration"
# ingestPodUID: false # Enables using UIDs to uniquely ID pods. This requires either Kubecost's replicated KSM metrics, or KSM v2.1.0+. This may impact performance, and changes the default cost-model allocation behavior.