Skip to main content

Azure AKS Configuration

To configure OpenCost for Azure Kubernetes Service (AKS), you’ll need to set up access permissions with Azure Active Directory (AAD), enable cost allocation tags, and add Azure credentials. Additionally, OpenCost requires access to node information through the node.spec.providerID field for accurate node-specific pricing.

1) Azure Pricing Configuration

  • Step 1.1 - Create a Custom Azure Role

    Save the following JSON as myrole.json, replacing YOUR_SUBSCRIPTION_ID with your subscription ID:

    {
        "Name": "OpenCostRole",
        "IsCustom": true,
        "Description": "Rate Card query role",
        "Actions": [
            "Microsoft.Compute/virtualMachines/vmSizes/read",
            "Microsoft.Resources/subscriptions/locations/read",
            "Microsoft.Resources/providers/read",
            "Microsoft.ContainerService/containerServices/read",
            "Microsoft.Commerce/RateCard/read"
        ],
        "AssignableScopes": ["/subscriptions/YOUR_SUBSCRIPTION_ID"]
    }

    Register the role:

    az role definition create --verbose --role-definition @myrole.json

  • Step 1.2 - Create an Azure Service Principal

    Create the service principal:

    az ad sp create-for-rbac --name "OpenCostAccess" --role "OpenCostRole" --scope "/subscriptions/YOUR_SUBSCRIPTION_ID" --output json

  • Step 1.3 - Supply Azure Service Principal Details to OpenCost

    Save the details in service-key.json:

    {
        "subscriptionId": "<Azure Subscription ID>",
        "serviceKey": {
            "appId": "<Azure AD App ID>",
            "displayName": "OpenCostAccess",
            "password": "<Azure AD Client Secret>",
            "tenant": "<Azure AD Tenant ID>"
        }
    }

  • Step 1.4 - Create a Secret for the Azure Service Principal

    Create the secret from service-key.json:

    kubectl create secret generic azure-service-key -n opencost --from-file=service-key.json

  • Step 1.5 - Update OpenCost Deployment to Use the Secret

    • YAML Installation: Update opencost.yaml to add the secret volume and mount:

      volumes:
        - name: service-key-secret
          secret:
            secretName: azure-service-key
      volumeMounts:
        - mountPath: /var/secrets
          name: service-key-secret

      Apply the changes:

      kubectl apply -f opencost.yaml -n opencost

    • Helm Installation: Update values.yaml to add the volume and mount:

      extraVolumes:
        - name: service-key-secret
          secret:
            secretName: azure-service-key
      opencost:
        exporter:
          extraVolumeMounts:
            - mountPath: /var/secrets
              name: service-key-secret

      Apply with Helm:

      helm upgrade opencost . --namespace opencost -f values.yaml

2) Customer-Specific Pricing

  • Step 2.1 - Find Your Billing Account ID

    Use the Azure CLI:

    az billing account list --query "[].{name:name, displayName:displayName}"

  • Step 2.2 - Grant Billing Access to Your Service Principal

    Run the assign-billing-role.bash script (after setting SP_NAME and BILLING_ACCOUNT_ID):

    chmod +x assign-billing-role.bash
    ./assign-billing-role.bash

  • Step 2.3 - Find the Offer ID for Your Subscription

    Retrieve the Offer ID from your subscription page in the Azure portal.

  • Step 2.4 - Configure OpenCost to Use the Price Sheet API

    • YAML Installation: Add these environment variables to opencost.yaml:

      env:
        - name: AZURE_BILLING_ACCOUNT
          value: <your billing account id>
        - name: AZURE_OFFER_ID
          value: <your offer id>

      Apply the changes:

      kubectl apply -f opencost.yaml -n opencost

    • Helm Installation: Add to values.yaml:

      opencost:
        exporter:
          extraEnv:
            AZURE_BILLING_ACCOUNT: <your billing account id>
            AZURE_OFFER_ID: <your offer id>

      Apply with Helm:

      helm upgrade opencost . --namespace opencost -f values.yaml