Truefoundry integrates with Kubecost to provide cost visibility for your deployments. Kubecost is one of the applications that can be installed on the cluster. Once you install the application, you will start getting cost updates on the Truefoundry portal. However, by default, Kubecost is not able to pull the spot instance prices - for this you need to setup Spot Datafeed collection on your AWS account. This guide provides a quick way to setup spot data-feed collection.
Run the following bash script. Please replace profile, region and cluster_name before running
# Enter your profile, region, and cluster nameexport profile="default"export region=""export cluster_name=""# (Do not edit) Declares some variablesexport bucket_name=$cluster_name-kubecostexport account_id=$(aws sts get-caller-identity --query "Account"--output text --profile $profile)export oidc_provider=$(aws eks describe-cluster --name $cluster_name--region $region--query "cluster.identity.oidc.issuer"--output text --profile $profile| sed -e "s/^https:\/\///")export role_arn_name=$cluster_name-kubecost-role-arnexport namespace=kubecostexport service_account=kubecost-cost-analyzer# Create s3 bucket to store spot data feedaws s3api create-bucket \--bucket $bucket_name \--region $region \--object-ownership ObjectWriter \--profile $profile# Subscribe to spot data feedaws ec2 create-spot-datafeed-subscription \--bucket $bucket_name \--region $region \--profile $profile# Create IAM policy to access the s3 bucket## Create policy.jsoncat >policy.json <<EOF{"Version": "2012-10-17","Statement": [{"Sid": "SpotDataFeed","Effect": "Allow","Action": ["s3:ListAllMyBuckets","s3:ListBucket","s3:List*","s3:Get*"],"Resource": "arn:aws:s3:::$bucket_name*"}]}EOF## Create policyaws iam create-policy \--policy-name SpotDataFeed \--policy-document file://policy.json \--profile $profile# Create IAM role to assume the role as service account## Create trust-relationship.jsoncat >trust-relationship.json <<EOF{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Principal": {"Federated": "arn:aws:iam::$account_id:oidc-provider/$oidc_provider"},"Action": "sts:AssumeRoleWithWebIdentity","Condition": {"StringEquals": {"$oidc_provider:aud": "sts.amazonaws.com","$oidc_provider:sub": "system:serviceaccount:$namespace:$service_account"}}}]}EOF## Create roleaws iam create-role \--role-name $role_arn_name \--assume-role-policy-document file://trust-relationship.json \--profile $profile## Attach policy to roleaws iam attach-role-policy \--role-name $role_arn_name \--policy-arn=arn:aws:iam::$account_id:policy/SpotDataFeed \--profile $profile# Print the role ARNecho"Role ARN: arn:aws:iam::$account_id:role/$role_arn_name"
Nagivate to Workspaces in TrueFoundry UI and edit kubecost workspace in your cluster.
Switch toShow Advanced options and add Service Account with name: kubecost-cost-analyzer and role arn value as arn:aws:iam::<account_id>:role/<role-arn-name>
Navigate to Deployments > Helm and edit kubecost. Then, add following section to values: