From 869a4c11bf84e94d873a329650ce74b12680bbef Mon Sep 17 00:00:00 2001 From: thomasvn Date: Thu, 3 Oct 2024 19:08:53 -0700 Subject: [PATCH 1/4] Begin standardizing comments --- cost-analyzer/values.yaml | 86 ++++++++++++++++++++------------------- 1 file changed, 44 insertions(+), 42 deletions(-) diff --git a/cost-analyzer/values.yaml b/cost-analyzer/values.yaml index 220cf02d6..9818d2c5b 100644 --- a/cost-analyzer/values.yaml +++ b/cost-analyzer/values.yaml 
@@ -1,57 +1,60 @@ global: - # zone: cluster.local (use only if your DNS server doesn't live in the same zone as kubecost) + ## If your DNS server doesn't live in the same zone as Kubecost + # zone: cluster.local + + ## Kubecost-bundled Prometheus + ## It is recommended to leave these configurations as-is. If using your own + ## Prometheus, read the following documentation to understand the risks. + ## Ref: https://docs.kubecost.com/install-and-configure/install/custom-prom prometheus: - enabled: true # Kubecost depends on Prometheus data, it is not optional. When enabled: false, Prometheus will not be installed and you must configure your own Prometheus to scrape kubecost as well as provide the fqdn below. -- Warning: Before changing this setting, please read to understand the risks https://docs.kubecost.com/install-and-configure/install/custom-prom - fqdn: http://cost-analyzer-prometheus-server.default.svc # example address of a prometheus to connect to. Include protocol (http:// or https://) Ignored if enabled: true - # insecureSkipVerify: false # If true, kubecost will not check the TLS cert of prometheus - # queryServiceBasicAuthSecretName: dbsecret # kubectl create secret generic dbsecret -n kubecost --from-file=USERNAME --from-file=PASSWORD + enabled: true + fqdn: http://cost-analyzer-prometheus-server.default.svc # Address of a Prometheus to connect to if enabled=false + # insecureSkipVerify: false # If true, Kubecost will not check the TLS cert of prometheus + # queryServiceBasicAuthSecretName: dbsecret # kubectl create secret generic dbsecret -n kubecost --from-file=USERNAME --from-file=PASSWORD # queryServiceBearerTokenSecretName: mcdbsecret # kubectl create secret generic mcdbsecret -n kubecost --from-file=TOKEN + ## Kubecost-bundled Grafana grafana: - enabled: true # If false, Grafana will not be installed - domainName: cost-analyzer-grafana.default.svc # example grafana domain Ignored if enabled: true - scheme: "http" # http or https, for the domain 
name above. - proxy: true # If true, the kubecost frontend will route to your grafana through its service endpoint + enabled: true + domainName: cost-analyzer-grafana.default.svc # Address to Grafana. Ignored if enabled=true. + scheme: "http" + proxy: true # If true, the Kubecost frontend will route to your grafana through its service endpoint # fqdn: cost-analyzer-grafana.default.svc - # Enable only when you are using GCP Marketplace ENT listing. Learn more at https://console.cloud.google.com/marketplace/product/kubecost-public/kubecost-ent + ## GCP Marketplace Enterprise Listing + ## Ref: https://console.cloud.google.com/marketplace/product/kubecost-public/kubecost-ent gcpstore: enabled: false - # Google Cloud Managed Service for Prometheus + ## Google Cloud Managed Service for Prometheus (GMP) + ## Ref: https://docs.kubecost.com/install-and-configure/advanced-configuration/custom-prom/gcp-gmp-integration + ## Ref: https://cloud.google.com/stackdriver/docs/managed-prometheus/setup-unmanaged gmp: - # Remember to set up these parameters when install the Kubecost Helm chart with `global.gmp.enabled=true` if you want to use GMP self-deployed collection (Recommended) to utilize Kubecost scrape configs. - # If enabling GMP, it is highly recommended to utilize Google's distribution of Prometheus. - # Learn more at https://cloud.google.com/stackdriver/docs/managed-prometheus/setup-unmanaged - # --set prometheus.server.image.repository="gke.gcr.io/prometheus-engine/prometheus" \ - # --set prometheus.server.image.tag="v2.35.0-gmp.2-gke.0" - enabled: false # If true, kubecost will be configured to use GMP Prometheus image and query from Google Cloud Managed Service for Prometheus. - prometheusServerEndpoint: http://localhost:8085/ # The prometheus service endpoint used by kubecost. The calls are forwarded through the GMP Prom proxy side car to the GMP database. 
+ enabled: false + prometheusServerEndpoint: http://localhost:8085/ gmpProxy: enabled: false - image: gke.gcr.io/prometheus-engine/frontend:v0.4.1-gke.0 # GMP Prometheus proxy image that serve as an endpoint to query metrics from GMP + image: gke.gcr.io/prometheus-engine/frontend:v0.4.1-gke.0 imagePullPolicy: IfNotPresent name: gmp-proxy port: 8085 - projectId: YOUR_PROJECT_ID # example GCP project ID + projectId: "" - # Amazon Managed Service for Prometheus + ## Amazon Managed Service for Prometheus (AMP) + ## Ref: https://docs.kubecost.com/install-and-configure/advanced-configuration/custom-prom/aws-amp-integration amp: - enabled: false # If true, kubecost will be configured to remote_write and query from Amazon Managed Service for Prometheus. - prometheusServerEndpoint: http://localhost:8005/workspaces// # The prometheus service endpoint used by kubecost. The calls are forwarded through the SigV4Proxy side car to the AMP workspace. - remoteWriteService: https://aps-workspaces.us-west-2.amazonaws.com/workspaces//api/v1/remote_write # The remote_write endpoint for the AMP workspace. + enabled: false + prometheusServerEndpoint: http://localhost:8005/workspaces// + remoteWriteService: https://aps-workspaces.us-west-2.amazonaws.com/workspaces//api/v1/remote_write sigv4: region: us-west-2 - # access_key: ACCESS_KEY # AWS Access key - # secret_key: SECRET_KEY # AWS Secret key - # role_arn: ROLE_ARN # AWS role arn - # profile: PROFILE # AWS profile - - # Mimir Proxy to help Kubecost to query metrics from multi-tenant Grafana Mimir. - # Set `global.mimirProxy.enabled=true` and `global.prometheus.enabled=false` to enable Mimir Proxy. - # You also need to set `global.prometheus.fqdn=http://kubecost-cost-analyzer-mimir-proxy.kubecost.svc:8085/prometheus` - # or `global.prometheus.fqdn=http://{{ template "cost-analyzer.fullname" . 
}}-mimir-proxy.{{ .Release.Namespace }}.svc:8085/prometheus' - # Learn more at https://grafana.com/docs/mimir/latest/operators-guide/secure/authentication-and-authorization/#without-an-authenticating-reverse-proxy + # access_key: AWS_ACCESS_KEY + # secret_key: AWS_SECRET_KEY + # role_arn: AWS_ROLE_ARN + # profile: AWS_PROFILE + + ## GrafanaMimir Proxy + ## Ref: https://docs.kubecost.com/install-and-configure/advanced-configuration/custom-prom/grafana-mimir-integration mimirProxy: enabled: false name: mimir-proxy @@ -70,11 +73,11 @@ global: prometheusServerEndpoint: http://localhost:8081/ remoteWriteService: $ queryEndpoint: $ - aadAuthProxy: enabled: false - # per https://github.com/Azure/aad-auth-proxy/releases/tag/0.1.0-main-04-10-2024-7067ac84 - image: $ # Example: mcr.microsoft.com/azuremonitor/auth-proxy/prod/aad-auth-proxy/images/aad-auth-proxy:0.1.0-main-04-10-2024-7067ac84 + ## Ref: https://github.com/Azure/aad-auth-proxy/releases/tag/0.1.0-main-04-10-2024-7067ac84 + ## Example: mcr.microsoft.com/azuremonitor/auth-proxy/prod/aad-auth-proxy/images/aad-auth-proxy:0.1.0-main-04-10-2024-7067ac84 + image: $ imagePullPolicy: IfNotPresent name: aad-auth-proxy port: 8081 @@ -197,12 +200,11 @@ global: # - property: "service" # value: "service1" # corresponds to a value to filter cloud cost aggregate by service data on. + ## Globally set annotations and labels + additionalLabels: {} # Applies to Deployments, StatefulSets, DaemonSets, and their pod templates podAnnotations: {} - # iam.amazonaws.com/role: role-arn - - # Applies these labels to all Deployments, StatefulSets, DaemonSets, and their pod templates. - additionalLabels: {} + ## Globally set security context securityContext: runAsNonRoot: true seccompProfile: @@ -219,7 +221,7 @@ global: drop: - ALL - # Platforms is a higher-level abstraction for platform-specific values and settings. + ## Platform-specific configurations platforms: # Deploying to OpenShift (OCP) requires enabling this option. openshift: 
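Review bot: The rewritten comment on `global.prometheus.fqdn` near the top of this hunk drops the old hint to include the protocol, while the default stays plain `http://`. That matters once `queryServiceBasicAuthSecretName` or `queryServiceBearerTokenSecretName` is set, because those credentials would presumably be sent to that address without TLS. I would keep the hint and add the caveat, e.g. `# Address of a Prometheus to connect to if enabled=false. Include the protocol; use https:// when basic-auth or bearer-token secrets are set`. The `insecureSkipVerify` comment could also say that `true` disables server certificate checks and should not be combined with those secrets.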
From 27091fd970f474d966214f0737c3f467121f63ec Mon Sep 17 00:00:00 2001 From: thomasvn Date: Thu, 3 Oct 2024 22:32:39 -0700 Subject: [PATCH 2/4] More standardized comments. --- .../cost-analyzer-deployment-template.yaml | 8 +- cost-analyzer/values.yaml | 167 +++++++++--------- 2 files changed, 85 insertions(+), 90 deletions(-) diff --git a/cost-analyzer/templates/cost-analyzer-deployment-template.yaml b/cost-analyzer/templates/cost-analyzer-deployment-template.yaml index dba2ce204..a59d96901 100644 --- a/cost-analyzer/templates/cost-analyzer-deployment-template.yaml +++ b/cost-analyzer/templates/cost-analyzer-deployment-template.yaml @@ -888,17 +888,17 @@ spec: {{- end }} {{- if .Values.kubecostMetrics }} - name: EMIT_POD_ANNOTATIONS_METRIC - value: {{ (quote .Values.kubecostMetrics.emitPodAnnotations) | default (quote false) }} + value: {{ (quote .Values.kubecostMetrics.emitPodAnnotations) }} - name: EMIT_NAMESPACE_ANNOTATIONS_METRIC - value: {{ (quote .Values.kubecostMetrics.emitNamespaceAnnotations) | default (quote false) }} + value: {{ (quote .Values.kubecostMetrics.emitNamespaceAnnotations) }} {{- end }} {{- if .Values.kubecostMetrics }} - name: EMIT_KSM_V1_METRICS - value: {{ (quote .Values.kubecostMetrics.emitKsmV1Metrics) | default (quote true) }} + value: {{ (quote .Values.kubecostMetrics.emitKsmV1Metrics) }} {{- end }} {{- if .Values.kubecostMetrics }} - name: EMIT_KSM_V1_METRICS_ONLY # ONLY emit KSM v1 metrics that do not exist in KSM 2 by default - value: {{ (quote .Values.kubecostMetrics.emitKsmV1MetricsOnly) | default (quote false) }} + value: {{ (quote .Values.kubecostMetrics.emitKsmV1MetricsOnly) }} {{- end }} {{- if .Values.reporting }} - name: LOG_COLLECTION_ENABLED diff --git a/cost-analyzer/values.yaml b/cost-analyzer/values.yaml index 9818d2c5b..0ebfef930 100644 --- a/cost-analyzer/values.yaml +++ b/cost-analyzer/values.yaml 
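Review bot: Dropping `| default (quote ...)` from the four `EMIT_*` values leaves no fallback when a key is absent, because the surrounding guard is only `{{- if .Values.kubecostMetrics }}`. As far as I can tell `quote` renders a nil value as an empty string, so an override that nulls one key (for example `emitKsmV1Metrics: null`) now yields an empty `value:` where the old template rendered `"true"` or `"false"`. The change is only safe while the defaults added to values.yaml in this commit stay in place. I would keep the original form at least for `EMIT_KSM_V1_METRICS`, whose fallback is `true`: `value: {{ (quote .Values.kubecostMetrics.emitKsmV1Metrics) | default (quote true) }}`.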
@@ -1,11 +1,13 @@ global: ## If your DNS server doesn't live in the same zone as Kubecost + ## # zone: cluster.local ## Kubecost-bundled Prometheus ## It is recommended to leave these configurations as-is. If using your own ## Prometheus, read the following documentation to understand the risks. ## Ref: https://docs.kubecost.com/install-and-configure/install/custom-prom + ## prometheus: enabled: true fqdn: http://cost-analyzer-prometheus-server.default.svc # Address of a Prometheus to connect to if enabled=false @@ -14,6 +16,7 @@ global: # queryServiceBearerTokenSecretName: mcdbsecret # kubectl create secret generic mcdbsecret -n kubecost --from-file=TOKEN ## Kubecost-bundled Grafana + ## grafana: enabled: true domainName: cost-analyzer-grafana.default.svc # Address to Grafana. Ignored if enabled=true. @@ -23,12 +26,14 @@ global: ## GCP Marketplace Enterprise Listing ## Ref: https://console.cloud.google.com/marketplace/product/kubecost-public/kubecost-ent + ## gcpstore: enabled: false ## Google Cloud Managed Service for Prometheus (GMP) ## Ref: https://docs.kubecost.com/install-and-configure/advanced-configuration/custom-prom/gcp-gmp-integration ## Ref: https://cloud.google.com/stackdriver/docs/managed-prometheus/setup-unmanaged + ## gmp: enabled: false prometheusServerEndpoint: http://localhost:8085/ @@ -42,6 +47,7 @@ global: ## Amazon Managed Service for Prometheus (AMP) ## Ref: https://docs.kubecost.com/install-and-configure/advanced-configuration/custom-prom/aws-amp-integration + ## amp: enabled: false prometheusServerEndpoint: http://localhost:8005/workspaces// @@ -55,6 +61,7 @@ global: ## GrafanaMimir Proxy ## Ref: https://docs.kubecost.com/install-and-configure/advanced-configuration/custom-prom/grafana-mimir-integration + ## mimirProxy: enabled: false name: mimir-proxy 
@@ -68,6 +75,7 @@ global: ## Azure Monitor Managed Service for Prometheus ## Ref: https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/prometheus-remote-write-virtual-machines + ## ammsp: enabled: false prometheusServerEndpoint: http://localhost:8081/ @@ -88,6 +96,7 @@ global: ## Kubecost Alerting ## Ref: http://docs.kubecost.com/alerts + ## notifications: # alertConfigs: # frontendUrl: http://localhost:9090 # Optional @@ -146,6 +155,7 @@ global: ## Kubecost Saved Reports ## Ref: http://docs.kubecost.com/saved-reports + ## savedReports: enabled: false # If true, overwrites report parameters set through UI reports: @@ -201,10 +211,12 @@ global: # value: "service1" # corresponds to a value to filter cloud cost aggregate by service data on. ## Globally set annotations and labels + ## additionalLabels: {} # Applies to Deployments, StatefulSets, DaemonSets, and their pod templates podAnnotations: {} ## Globally set security context + ## securityContext: runAsNonRoot: true seccompProfile: @@ -222,6 +234,7 @@ global: - ALL ## Platform-specific configurations + ## platforms: # Deploying to OpenShift (OCP) requires enabling this option. openshift: @@ -246,6 +259,7 @@ global: ## Kubecost Integrations ## Ref: https://docs.kubecost.com/integrations + ## integrations: postgres: enabled: false @@ -286,13 +300,16 @@ global: # aggregate: "service" ## Provide a name override for the chart. -# nameOverride: "" +## +nameOverride: "" + ## Provide a full name override option for the chart. -# fullnameOverride: "" +## +fullnameOverride: "" ## Provide additional labels for the chart. -# chartLabels: -# app.kubernetes.io/name: kubecost-cost-analyzer +## +chartLabels: [] ## This flag is only required for users upgrading to a new version of Kubecost. ## The flag is used to ensure users are aware of important 
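Review bot: `chartLabels: []` gives this key a list default, but the commented example it replaces (`app.kubernetes.io/name: kubecost-cost-analyzer`) is a mapping of label names to values, so the empty default should be `chartLabels: {}`. Both forms are falsy in a template `if`, so default rendering is probably unaffected. The wrong type still misleads anyone writing an override or a values schema, and a template that ranges over key/value pairs expects a map.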
@@ -301,10 +318,13 @@ global: upgrade: toV2: false -# generated at http://kubecost.com/install, used for alerts tracking and free trials -kubecostToken: # "" +## Generated at http://kubecost.com/install, used for alerts tracking and free trials +## +kubecostToken: "" -# Advanced pipeline for custom prices, enterprise key required +## Custom CSV Pricing (enterprise key required) +## Ref: https://docs.kubecost.com/install-and-configure/advanced-configuration/csv-pricing +## pricingCsv: enabled: false location: @@ -315,6 +335,7 @@ pricingCsv: ## Kubecost SAML (enterprise key required) ## Ref: https://docs.kubecost.com/install-and-configure/advanced-configuration/user-management-saml +## saml: enabled: false # secretName: "" @@ -352,6 +373,7 @@ saml: ## Kubecost OIDC (enterprise key required) ## Ref: https://docs.kubecost.com/install-and-configure/advanced-configuration/user-management-oidc +## oidc: enabled: false clientID: "" # Application client_id parameter obtained from provider. Used to make requests to server. 
@@ -397,98 +419,85 @@ systemProxy: httpsProxyUrl: "" noProxy: "" -# imagePullSecrets: -# - name: "image-pull-secret" +## ImagePullSecrets applied to all resources +## +imagePullSecrets: [] -# imageVersion uses the base image name (image:) but overrides the version -# pulled. It should be avoided. If non-default behavior is needed, use -# fullImageName for the relevant component. -# imageVersion: +## Overrides imageVersion of all resources. This config should generally be +## avoided in favor of fullImageName. +## +imageVersion: "" +## Kubecost Frontend +## kubecostFrontend: enabled: true - deployMethod: singlepod # haMode or singlepod - haMode is currently only supported with Enterprise tier - haReplicas: 2 # only used with haMode + deployMethod: singlepod # "haMode" or "singlepod". "haMode" is currently only supported with Enterprise tier + haReplicas: 2 # Only used with "haMode" image: "gcr.io/kubecost1/frontend" imagePullPolicy: IfNotPresent - # fullImageName overrides the default image construction logic. The exact - # image provided (registry, image, tag) will be used for the frontend. - # fullImageName: - - # extraEnv: - # - name: NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE - # value: "1" - # securityContext: - # readOnlyRootFilesystem: true + fullImageName: "" # Overrides default image. Must provide "registry/image:tag". + extraEnv: [] + securityContext: {} resources: requests: cpu: "10m" memory: "55Mi" - # limits: - # cpu: "100m" - # memory: "256Mi" deploymentStrategy: {} - # rollingUpdate: - # maxSurge: 1 - # maxUnavailable: 1 - # type: RollingUpdate - - # Define a readiness probe for the Kubecost frontend container. readinessProbe: enabled: true initialDelaySeconds: 1 periodSeconds: 5 failureThreshold: 6 - - # Define a liveness probe for the Kubecost frontend container. 
livenessProbe: enabled: true initialDelaySeconds: 1 periodSeconds: 5 failureThreshold: 6 ipv6: - enabled: true # disable if the cluster does not support ipv6 - # timeoutSeconds: 600 # should be rarely used, but can be increased if needed - # allow customizing nginx-conf server block + enabled: true # Disable if the cluster does not support ipv6 + timeoutSeconds: 600 # Should be rarely used, but can be increased if needed # extraServerConfig: |- # proxy_busy_buffers_size 512k; # proxy_buffers 4 512k; # proxy_buffer_size 256k; # large_client_header_buffers 4 64k; - # hideDiagnostics: false # useful if the primary is not monitored. Supported in limited environments. - # hideOrphanedResources: false # OrphanedResources works on the primary-cluster's cloud-provider only. + hideDiagnostics: false # Useful if the primary is not monitored. Supported in limited environments. + hideOrphanedResources: false # OrphanedResources works on the primary-cluster's cloud-provider only. - # set to true to set all upstreams to use ..svc.cluster.local instead of just . + ## Set to true to set all upstreams to use "..svc.cluster.local" instead of just "." useDefaultFqdn: false -# api: -# fqdn: kubecost-api.kubecost.svc.cluster.local:9001 -# model: -# fqdn: kubecost-model.kubecost.svc.cluster.local:9003 -# forecasting: -# fqdn: kubecost-forcasting.kubecost.svc.cluster.local:5000 -# aggregator: -# fqdn: kubecost-aggregator.kubecost.svc.cluster.local:9004 -# cloudCost: -# fqdn: kubecost-cloud-cost.kubecost.svc.cluster.local:9005 -# multiClusterDiagnostics: -# fqdn: kubecost-multi-diag.kubecost.svc.cluster.local:9007 -# clusterController: -# fqdn: cluster-controller.kubecost.svc.cluster.local:9731 - -# Kubecost Metrics deploys a separate pod which will emit kubernetes specific metrics required -# by the cost-model. This pod is designed to remain active and decoupled from the cost-model itself. 
-# However, disabling this service/pod deployment will flag the cost-model to emit the metrics instead. + + ## Or, specify the FQDN for each service + api: + fqdn: "" + model: + fqdn: "" + forecasting: + fqdn: "" + aggregator: + fqdn: "" + cloudCost: + fqdn: "" + multiClusterDiagnostics: + fqdn: "" + clusterController: + fqdn: "" + +## Kubecost Metrics and Exporters +## kubecostMetrics: - # emitPodAnnotations: false - # emitNamespaceAnnotations: false - # emitKsmV1Metrics: true # emit all KSM metrics in KSM v1. - # emitKsmV1MetricsOnly: false # emit only the KSM metrics missing from KSM v2. Advanced users only. - - # Optional - # The metrics exporter is a separate deployment and service (for prometheus scrape auto-discovery) - # which emits metrics cost-model relies on. Enabling this deployment also removes the KSM dependency - # from the cost-model. If the deployment is not enabled, the metrics will continue to be emitted from - # the cost-model. + ## Ref: https://docs.kubecost.com/install-and-configure/advanced-configuration/annotations + emitPodAnnotations: false + emitNamespaceAnnotations: false + + ## Ref: https://docs.kubecost.com/architecture/ksm-metrics + emitKsmV1Metrics: true # Emit all KSM metrics in KSMv1. + emitKsmV1MetricsOnly: false # Emit only the KSMv1 metrics missing from KSMv2. Advanced users only. + + ## OPTIONAL. Kubecost Metrics Exporter is a separate a separate deployment and + ## service (for prometheus scrape auto-discovery) which emits metrics + ## cost-model relies on. exporter: enabled: false port: 9005 
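Review bot: Several lines in the `kubecostFrontend` block turn commented examples into live values, which changes what the chart receives in a commit described as comment standardization: `timeoutSeconds: 600` is now set, and `api.fqdn` through `clusterController.fqdn` now exist as empty strings. Whether that alters the rendered nginx config depends on templates not shown here; a guard on the parent key rather than on `.fqdn` would now see it as present and emit an empty upstream, so a `helm template` diff against the previous defaults is worth attaching. Replacing the commented `readOnlyRootFilesystem: true` example with a bare `securityContext: {}` also loses the hardening hint; `securityContext: {}  # e.g. readOnlyRootFilesystem: true` would keep it. The new exporter comment reads "separate a separate deployment".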
@@ -496,35 +505,22 @@ kubecostMetrics: # Set to false and use service.annotations (below) to set custom scrape annotations. prometheusScrape: true resources: {} - # requests: - # cpu: "200m" - # memory: "55Mi" - ## Node tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ tolerations: [] - - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" affinity: {} - service: annotations: {} - - # Service Monitor for Kubecost Metrics - serviceMonitor: # the kubecost included prometheus uses scrapeConfigs and does not support service monitors. The following options assume an existing prometheus that supports serviceMonitors. + serviceMonitor: enabled: false additionalLabels: {} metricRelabelings: [] relabelings: [] - ## PriorityClassName - ## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass priorityClassName: "" additionalLabels: {} nodeSelector: {} extraArgs: [] +## AWS SigV4 Proxy. Typically used with Amazon Managed Prometheus (AMP). +## sigV4Proxy: image: public.ecr.aws/aws-observability/aws-sigv4-proxy:latest imagePullPolicy: IfNotPresent @@ -538,7 +534,6 @@ sigV4Proxy: # value: # - name: AWS_SECRET_ACCESS_KEY # value: - # Optional resource requests and limits for the sigV4proxy container. resources: {} kubecostModel: From aaec629d0ca151077afb377ccd2ee08e937425be Mon Sep 17 00:00:00 2001 From: thomasvn Date: Thu, 3 Oct 2024 22:57:38 -0700 Subject: [PATCH 3/4] More comments --- cost-analyzer/values.yaml | 130 +++++++++++--------------------------- 1 file changed, 38 insertions(+), 92 deletions(-) diff --git a/cost-analyzer/values.yaml b/cost-analyzer/values.yaml index 0ebfef930..82d5aeb1e 100644 --- a/cost-analyzer/values.yaml +++ b/cost-analyzer/values.yaml 
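Review bot: The `sigV4Proxy.image` line shown as context at the end of this hunk uses the floating `:latest` tag together with `imagePullPolicy: IfNotPresent`, so the container that handles the AWS credentials is whatever build each node happened to pull, and it can differ between nodes. Since this commit adds the section header comment, it is a natural place to pin a released tag or digest, e.g. `image: public.ecr.aws/aws-observability/aws-sigv4-proxy:<RELEASE_TAG>` (placeholder, pick the tested release). The `sigV4Proxy` block continues outside the hunk.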
@@ -373,7 +373,7 @@ saml: ## Kubecost OIDC (enterprise key required) ## Ref: https://docs.kubecost.com/install-and-configure/advanced-configuration/user-management-oidc -## +## oidc: enabled: false clientID: "" # Application client_id parameter obtained from provider. Used to make requests to server. @@ -520,7 +520,7 @@ kubecostMetrics: extraArgs: [] ## AWS SigV4 Proxy. Typically used with Amazon Managed Prometheus (AMP). -## +## sigV4Proxy: image: public.ecr.aws/aws-observability/aws-sigv4-proxy:latest imagePullPolicy: IfNotPresent 
@@ -536,41 +536,33 @@ sigV4Proxy: # value: resources: {} +## Kubecost cost-analyzer +## kubecostModel: image: "gcr.io/kubecost1/cost-model" imagePullPolicy: IfNotPresent - # fullImageName overrides the default image construction logic. The exact - # image provided (registry, image, tag) will be used for cost-model. - # fullImageName: - - # securityContext: - # readOnlyRootFilesystem: true - - # Build local cost allocation cache - warmCache: false - # Run allocation ETL pipelines - etl: true - # Enable the ETL filestore backing storage + fullImageName: "" # Overrides default image. Must provide "registry/image:tag". + securityContext: {} etlFileStoreEnabled: true - # The total number of days the ETL pipelines will build - # Set to 0 to disable daily ETL (not recommended) + + ## The total number of days the ETL pipelines will build + ## Set to 0 to disable daily ETL (not recommended) etlDailyStoreDurationDays: 91 - # The total number of hours the ETL pipelines will build - # Set to 0 to disable hourly ETL (recommended for large environments) - # Must be < prometheus server retention, otherwise empty data may overwrite - # known-good data + + ## The total number of hours the ETL pipelines will build + ## Set to 0 to disable hourly ETL (recommended for large environments) + ## Must be < prometheus server retention, otherwise empty data may overwrite + ## known-good data etlHourlyStoreDurationHours: 49 - # For deploying kubecost in a cluster that does not self-monitor + + ## For deploying kubecost in a cluster that does not self-monitor etlReadOnlyMode: false - ## The name of the Secret containing a bucket config for Federated storage. - ## The contents should be stored under a key named federated-store.yaml. + ## Name of the k8s secret configured to your federated storage bucket. 
## Ref: https://docs.kubecost.com/install-and-configure/install/multi-cluster/long-term-storage-configuration - # federatedStorageConfigSecret: federated-store + federatedStorageConfigSecret: "" - ## Federated storage config can be supplied via a secret or the yaml block - ## below when using the block below, only a single provider is supported, - ## others are for example purposes. + ## An alternative to federatedStorageConfigSecret. Supply the yaml block as a string. ## Ref: https://docs.kubecost.com/install-and-configure/install/multi-cluster/long-term-storage-configuration # federatedStorageConfig: |- # # AWS EXAMPLE @@ -579,7 +571,6 @@ kubecostModel: # bucket: kubecost-federated-storage-bucket # endpoint: s3.amazonaws.com # region: us-east-1 - # # best practice is to use pod identities to access AWS resources. Otherwise it is possible to use an access_key and secret_key # access_key: "" # secret_key: "" # # AZURE EXAMPLE @@ -607,7 +598,8 @@ kubecostModel: # "client_x509_cert_url": "" # } - # Installs Kubecost/OpenCost plugins + ## Installs Kubecost/OpenCost plugins + ## Ref: https://docs.kubecost.com/using-kubecost/navigating-the-kubecost-ui/external-costs plugins: enabled: false install: 
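Review bot: `warmCache: false` and `etl: true` are deleted from `kubecostModel` in this hunk rather than re-commented, and the later hunks of this commit do the same to `plugins.secretName`, `kubecostModel.ingress` and `extraPorts`, while the diffstat lists only values.yaml. If any template still reads those keys it will now see a missing value; for a nested lookup such as `.Values.kubecostModel.ingress.enabled` that is a nil-pointer render error rather than a false. Please check the templates for remaining references, or run `helm template` with default values, before merging. Otherwise leave the keys in place with their previous defaults.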
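Review bot: The line removed in the AWS example was the only guidance that static `access_key`/`secret_key` values are the fallback and pod identities the preferred way to reach the bucket. Without it the example reads as if pasting long-lived keys into the values file is the normal path. I would keep it in shortened form inside the commented block, e.g. `# # Prefer pod identities for AWS access; access_key/secret_key are a fallback`. The `federatedStorageConfig` block starts above this hunk.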
@@ -624,69 +616,47 @@ kubecostModel: runAsNonRoot: true runAsUser: 1001 folder: /opt/opencost/plugin - - # leave this commented to always download most recent version of plugins - # version: - - # the list of enabled plugins + # version: # leave this commented to always download most recent version of plugins enabledPlugins: [] - # - datadog - - # pre-existing secret for plugin configuration existingCustomSecret: enabled: false name: "" # name of the secret containing plugin config - secretName: kubecost-plugin-secret - - # uncomment this to define plugin configuration via the values file + ## Uncomment this to define plugin configuration via the values file # configs: - # datadog: | - # { - # "datadog_site": "", - # "datadog_api_key": "", - # "datadog_app_key": "" - # } + # datadog: | + # { + # "datadog_site": "", + # "datadog_api_key": "", + # "datadog_app_key": "" + # } allocation: - # Enables or disables adding node labels to allocation data (i.e. workloads). - # Defaults to "true" and starts with a sensible includeList for basics like - # topology (e.g. zone, region) and instance type labels. + ## Enables or disables adding node labels to allocation data (i.e. workloads). + ## Defaults to "true" and starts with a sensible includeList for basics like + ## topology (e.g. zone, region) and instance type labels. # nodeLabels: # enabled: true # includeList: "node.kubernetes.io/instance-type,topology.kubernetes.io/region,topology.kubernetes.io/zone" - # Enables or disables the ContainerStats pipeline, used for quantile-based - # queries like for request sizing recommendations. - # ContainerStats provides support for quantile-based request right-sizing - # recommendations. - # - # It is disabled by default to avoid problems in extremely high-scale Thanos - # environments. If you would like to try quantile-based request-sizing - # recommendations, enable this! 
If you are in a high-scale environment, - # please monitor Kubecost logs, Thanos query logs, and Thanos load closely. - # We hope to make major improvements at scale here soon! - # + ## Enables or disables the ContainerStats pipeline, used for quantile-based + ## queries like for request sizing recommendations. + ## Ref: https://docs.kubecost.com/architecture/containerstats-pipeline + ## containerStatsEnabled: true # enabled by default as of v2.2.0 - # max number of concurrent Prometheus queries + ## Max number of concurrent Prometheus queries maxQueryConcurrency: 5 + resources: requests: cpu: "200m" memory: "55Mi" - # limits: - # cpu: "800m" - # memory: "256Mi" - - # Define a readiness probe for the Kubecost cost-model container. readinessProbe: enabled: true initialDelaySeconds: 10 periodSeconds: 10 failureThreshold: 200 - - # Define a liveness probe for the Kubecost cost-model container. livenessProbe: enabled: true initialDelaySeconds: 10 @@ -706,31 +676,7 @@ kubecostModel: # - name: ASSET_INCLUDE_LOCAL_DISK_COST # value: "true" - # creates an ingress directly to the model container, for API access - ingress: - enabled: false - # className: nginx - labels: - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - annotations: - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - paths: ["/"] - pathType: ImplementationSpecific - hosts: - - cost-analyzer-model.local - tls: [] - # - secretName: cost-analyzer-model-tls - # hosts: - # - cost-analyzer-model.local utcOffset: "+00:00" - # Optional - add extra ports to the cost-model container. For kubecost development purposes only - not recommended for users. - extraPorts: [] - # - name: debug - # port: 40000 - # targetPort: 40000 - # containerPort: 40000 ## etlUtils is a utility typically used by Enterprise customers transitioning ## from v1 to v2 of Kubecost. It translates the data from the "/etl" dir of the 
From f1911e27c9e57b23d75c430eb073b8cb19f97e69 Mon Sep 17 00:00:00 2001 From: thomasvn Date: Wed, 30 Oct 2024 17:41:16 -0700 Subject: [PATCH 4/4] Progress on standardizing comments. --- cost-analyzer/values.yaml | 133 +++++++++++++++++--------------------- 1 file changed, 58 insertions(+), 75 deletions(-) diff --git a/cost-analyzer/values.yaml b/cost-analyzer/values.yaml index 39f14a794..bb705d06f 100644 --- a/cost-analyzer/values.yaml +++ b/cost-analyzer/values.yaml @@ -512,7 +512,7 @@ sigV4Proxy: # value: resources: {} -## Kubecost cost-analyzer +## Kubecost cost-model container inside the cost-analyzer pod ## kubecostModel: image: "gcr.io/kubecost1/cost-model" @@ -640,7 +640,7 @@ kubecostModel: failureThreshold: 200 extraArgs: [] - # Optional. A list of extra environment variables to be added to the cost-model container. + ## Optional. A list of extra environment variables to be added to the cost-model container. # extraEnv: # - name: LOG_FORMAT # value: json @@ -667,7 +667,9 @@ etlUtils: annotations: {} affinity: {} -# Basic Kubecost ingress, more examples available at https://docs.kubecost.com/install-and-configure/install/ingress-examples +## Ingress to the Kubecost frontend. More examples available at +## https://docs.kubecost.com/install-and-configure/install/ingress-examples +## ingress: enabled: false # className: nginx @@ -677,7 +679,7 @@ ingress: annotations: # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" - paths: ["/"] # There's no need to route specifically to the pods-- we have an nginx deployed that handles routing + paths: ["/"] # There's no need to route specifically to the pods. Kubecost has an nginx deployed that handles routing pathType: ImplementationSpecific hosts: - cost-analyzer.local @@ -686,6 +688,8 @@ ingress: # hosts: # - cost-analyzer.local +## Configurations for the cost-analyzer deployment. +## nodeSelector: {} tolerations: [] affinity: {} 
@@ -695,16 +699,13 @@ priority: name: "" extraVolumes: [] extraVolumeMounts: [] - -# Define persistence volume for cost-analyzer, more information at https://docs.kubecost.com/install-and-configure/install/storage persistentVolume: size: 32Gi enabled: true # Note that setting this to false means configurations will be wiped out on pod restart. - # storageClass: "-" # - # existingClaim: kubecost-cost-analyzer # a claim in the same namespace as kubecost + storageClass: "" + existingClaim: "" # An existing persistentVolumeClaim if one exists in the same namespace as Kubecost labels: {} annotations: {} - service: type: ClusterIP port: 9090 @@ -712,20 +713,19 @@ service: nodePort: {} labels: {} annotations: {} - # loadBalancerSourceRanges: [] + loadBalancerSourceRanges: [] sessionAffinity: enabled: false # Makes sure that connections from a client are passed to the same Pod each time, when set to `true`. You should set it when you enabled authentication through OIDC or SAML integration. timeoutSeconds: 10800 +## Kubecost-bundled Prometheus. Full configuration options. +## prometheus: - ## Provide a full name override for Prometheus. - # fullnameOverride: "" - ## Provide a name override for Prometheus. - # nameOverride: "" + fullnameOverride: "" + nameOverride: "" rbac: - create: true # Create the RBAC resources for Prometheus. - + create: true # Create the necessary ClusterRole and ClusterRoleBinding for Prometheus. serviceAccounts: alertmanager: create: true @@ -744,7 +744,7 @@ prometheus: ## # selfsignedCertConfigMapName: "" - imagePullSecrets: + imagePullSecrets: [] extraScrapeConfigs: | - job_name: kubecost 
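Review bot: `loadBalancerSourceRanges: []` in the `service` block becomes a live default without a comment, unlike `sessionAffinity` next to it. Assuming the template passes the list through, an empty list means no source restriction once `service.type` is changed from `ClusterIP` to `LoadBalancer`. A trailing comment would make that visible, e.g. `loadBalancerSourceRanges: []  # CIDRs allowed to reach the Service when type=LoadBalancer; empty leaves it unrestricted`.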
@@ -799,14 +799,13 @@ prometheus: regex: (?i)(.*dcgm-exporter.*|.*dcgm-exporter.*|.*dcgm-exporter.*) server: - # If clusterIDConfigmap is defined, instead use user-generated configmap with key CLUSTER_ID - # to use as unique cluster ID in kubecost cost-analyzer deployment. - # This overrides the cluster_id set in prometheus.server.global.external_labels. - # NOTE: This does not affect the external_labels set in prometheus config. - # clusterIDConfigmap: cluster-id-configmap + ## Optional: Specify a configmap defining a CLUSTER_ID key to uniquely + ## identify this Kubecost deployment. This takes precedence over + ## `.Values.prometheus.server.global.external_labels`. This only affects the + ## cost-analyzer deployment, not Prometheus external_labels. + clusterIDConfigmap: "" - ## Provide a full name override for the Prometheus server. - # fullnameOverride: "" + fullnameOverride: "" enabled: true name: server @@ -845,15 +844,13 @@ prometheus: configMapOverrideName: "" ingress: enabled: false - # className: nginx + className: "" annotations: {} extraLabels: {} hosts: [] pathType: "Prefix" extraPaths: [] tls: [] - # strategy: - # type: Recreate tolerations: [] nodeSelector: {} affinity: {} @@ -869,8 +866,8 @@ prometheus: existingClaim: "" mountPath: /data size: 32Gi - # storageClass: "-" - # volumeBindingMode: "" + storageClass: "" + volumeBindingMode: "" subPath: "" emptyDir: sizeLimit: "" 
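Review bot: The rewritten comment above `clusterIDConfigmap` reads as contradictory. It says the configmap takes precedence over `.Values.prometheus.server.global.external_labels`, and then that Prometheus external_labels are not affected. The text it replaces was narrower, saying only that the `cluster_id` label is overridden for the cost-analyzer deployment. Suggested wording for the middle of the comment: `## identify this Kubecost deployment. For the cost-analyzer deployment this takes` / `## precedence over cluster_id in .Values.prometheus.server.global.external_labels;` / `## the external_labels in the Prometheus config itself are unchanged.`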
@@ -950,13 +947,12 @@ prometheus: ## version change. 4 days should provide enough time for most users to ## notice a problem and initiate corrective action. retention: 97h - # retentionSize: should be significantly greater than the storage used in the number of hours set in etlHourlyStoreDurationHours + + retentionSize: "" # Should be significantly greater than the storage used in the number of hours set in etlHourlyStoreDurationHours - # Install Prometheus Alert Manager alertmanager: enabled: false - ## Provide a full name override for Prometheus alertmanager. - # fullnameOverride: "" + fullnameOverride: "" strategy: type: Recreate rollingUpdate: null @@ -981,8 +977,6 @@ prometheus: hosts: [] extraPaths: [] tls: [] - # strategy: - # type: Recreate tolerations: [] nodeSelector: {} affinity: {} @@ -998,8 +992,8 @@ prometheus: existingClaim: "" mountPath: /data size: 2Gi - # storageClass: "-" - # volumeBindingMode: "" + storageClass: "" + volumeBindingMode: "" subPath: "" podAnnotations: {} annotations: {} @@ -1058,7 +1052,6 @@ prometheus: extraConfigmapMounts: [] resources: {} containerSecurityContext: {} - alertmanager: enabled: false name: configmap-reload @@ -1071,14 +1064,11 @@ prometheus: extraConfigmapMounts: [] resources: {} + ## As of Kubecost 2.0 node-exporter is disabled by default, though it can be + ## enabled as needed. nodeExporter: - ## If false, node-exporter will not be installed. - ## This is disabled by default in Kubecost 2.0, though it can be enabled as needed. - ## enabled: false - - ## Provide a full name override for node exporter. - # fullnameOverride: "" + fullnameOverride: "" hostNetwork: true hostPID: true @@ -1094,7 +1084,7 @@ prometheus: extraArgs: {} extraHostPathMounts: [] extraConfigmapMounts: [] - # affinity: + affinity: {} tolerations: [] nodeSelector: {} podAnnotations: {} 
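Review bot: The new header comment on `nodeExporter` (hunk `@@ -1071,14 +1064,11 @@`) says it "can be enabled as needed" without mentioning that the defaults directly below it are `hostNetwork: true` and `hostPID: true`. Turning it on therefore schedules pods that share the node's network and PID namespaces, which restricted Pod Security settings will reject or which may need a reviewed exception. One more comment line would cover it: `## Enabling it runs pods with hostNetwork and hostPID; check this against your Pod Security admission settings.` The `nodeExporter` block continues past the end of the hunk.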
@@ -1340,8 +1330,10 @@ prometheus: networkPolicy: enabled: false -## Optional daemonset to more accurately attribute network costs to the correct workload -## https://docs.kubecost.com/install-and-configure/advanced-configuration/network-costs-configuration +## Kubecost Network Costs (optional) +## Can be enabled to more accurately attribute network costs to the correct workload. +## Ref: https://docs.kubecost.com/install-and-configure/advanced-configuration/network-costs-configuration +## networkCosts: enabled: false image: @@ -1360,13 +1352,15 @@ networkCosts: # every 30 minutes. trafficLogging: true - # Log level for the network cost containers. Options are "trace", "debug", "info", "warn", "error", "fatal", "panic" - logLevel: info + logLevel: info # Options are "trace", "debug", "info", "warn", "error", "fatal", "panic" # Port will set both the containerPort and hostPort to this value. # These must be identical due to network-costs being run on hostNetwork port: 3001 - # this daemonset can use significant resources on large clusters: https://guide.kubecost.com/hc/en-us/articles/4407595973527-Network-Traffic-Cost-Allocation + + ## This daemonset can use significant resources on large clusters. To throttle + ## resource usage, it is recommended to set a CPU limit. Do not set a memory + ## limit. resources: limits: # remove the limits by setting cpu: null cpu: 500m # can be less, will depend on cluster size @@ -1374,6 +1368,7 @@ networkCosts: requests: cpu: 50m memory: 20Mi + extraArgs: [] config: # Configuration for traffic destinations, including specific classification @@ -1450,7 +1445,6 @@ networkCosts: additionalLabels: {} additionalLabels: {} nodeSelector: {} - # Annotations to be added to network cost daemonset template and pod template annotations annotations: {} healthCheckProbes: {} additionalSecurityContext: {} 
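Review bot: The new comment above `networkCosts.resources` (hunk `@@ -1360,13 +1352,15 @@`) tells operators "Do not set a memory limit" but gives no reason, and the link the old comment carried is dropped, so there is nothing to check the advice against. Either state the reason in the comment or add a reference line in the style the other rewritten headers use, e.g. `## Ref: <URL of the network-costs resource guidance>`. The `limits` mapping runs past the end of the hunk, so whether the shipped defaults include a memory limit is not visible here. That should be checked against the new wording.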
@@ -1463,18 +1457,13 @@ kubecostDeployment: labels: {} annotations: {} -## Kubecost Forecasting forecasts future cost patterns based on historical -## patterns observed by Kubecost. +## Kubecost Forecasting +## Forecasts future cost patterns based on historical patterns observed by Kubecost. +## forecasting: enabled: true - - # fullImageName overrides the default image construction logic. The exact - # image provided (registry, image, tag) will be used for the forecasting - # container. fullImageName: gcr.io/kubecost1/kubecost-modeling:v0.1.18 imagePullPolicy: IfNotPresent - - # Resource specification block for the forecasting container. resources: requests: cpu: 200m @@ -1482,13 +1471,10 @@ forecasting: limits: cpu: 1500m memory: 1Gi - - # Set environment variables for the forecasting container as key/value pairs. env: # -t is the worker timeout which primarily affects model training time; # if it is not high enough, training workers may die mid training "GUNICORN_CMD_ARGS": "--log-level info -t 1200" - priority: enabled: false name: "" @@ -1773,14 +1759,14 @@ diagnostics: containerSecurityContext: {} nodeSelector: {} tolerations: [] - ## Annotations to be added for diagnostics Deployment. annotations: {} affinity: {} -## Provide a full name override for the diagnostics Deployment. -# diagnosticsFullnameOverride: "" +diagnosticsFullnameOverride: "" -# Kubecost Cluster Controller for Right Sizing and Cluster Turndown +## Kubecost Cluster Controller for Right Sizing and Cluster Turndown +## Ref: https://docs.kubecost.com/install-and-configure/advanced-configuration/cluster-controller +## clusterController: enabled: false image: 
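Review bot: Dropping the comment on `forecasting.fullImageName` removes the only statement that this value is used verbatim (registry, image and tag) and bypasses the chart's default image construction. Anyone mirroring images to a private registry or pinning them needs to know this, because it is the one place the forecasting image reference is controlled. A short inline form keeps it within the new comment style: `fullImageName: gcr.io/kubecost1/kubecost-modeling:v0.1.18 # Used as-is (registry/image:tag); overrides the default image construction`. The `forecasting` block continues in the following hunk.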
@@ -1789,15 +1775,13 @@ clusterController: imagePullPolicy: IfNotPresent priorityClassName: "" tolerations: [] - - ## Annotations to be added for cluster controller template annotations: {} resources: {} affinity: {} nodeSelector: {} actionConfigs: - # this configures the Kubecost Cluster Turndown action - # for more details, see documentation at https://github.com/kubecost/cluster-turndown/tree/develop?tab=readme-ov-file#setting-a-turndown-schedule + ## Configures the Kubecost Cluster Turndown action + ## Ref: https://github.com/kubecost/cluster-turndown/tree/develop?tab=readme-ov-file#setting-a-turndown-schedule clusterTurndown: [] # - name: my-schedule # start: "2024-02-09T00:00:00Z" @@ -1807,8 +1791,8 @@ clusterController: # start: "2024-02-09T00:00:00Z" # end: "2024-02-09T01:00:00Z" # repeat: weekly - # this configures the Kubecost Namespace Turndown action - # for more details, see documentation at https://docs.kubecost.com/using-kubecost/navigating-the-kubecost-ui/savings/savings-actions#namespace-turndown + ## Configures the Kubecost Namespace Turndown action + ## Ref: https://docs.kubecost.com/using-kubecost/navigating-the-kubecost-ui/savings/savings-actions#namespace-turndown namespaceTurndown: # - name: my-ns-turndown-action # dryRun: false @@ -1822,8 +1806,8 @@ clusterController: # turndown: ignore # params: # minNamespaceAge: 4h - # this configures the Kubecost Cluster Sizing action - # for more details, see documentation at https://docs.kubecost.com/using-kubecost/navigating-the-kubecost-ui/savings/savings-actions#cluster-sizing + ## Configures the Kubecost Cluster Sizing action + ## Ref: https://docs.kubecost.com/using-kubecost/navigating-the-kubecost-ui/savings/savings-actions#cluster-sizing clusterRightsize: # startTime: '2024-01-02T15:04:05Z' # frequencyMinutes: 1440 
@@ -1889,7 +1873,6 @@ clusterController: # If true, will cause all (supported) workloads to be have their requests # automatically right-sized on a regular basis. defaultResizeAll: false -# fqdn: kubecost-cluster-controller.kubecost.svc.cluster.local:9731 namespaceTurndown: rbac: enabled: true