Our Application has a unique solution that helps with tracking Kubernetes costs, understanding them better and easily identifying wasted spend.
Our Kubernetes feature assigns pod costs as the maximum between the actual cost and the requirements cost (if it exists).
To show the actual cost, you need to install an agent in each cluster that you want to connect.
As the CloudWatch custom metric is very expensive, we have taken the AWS CloudWatch agent for containers and made a minor adjustment so our agent can now send the container logs to CloudWatch without having to use the CloudWatch custom metric.
Before you install Container Insights on Amazon EKS or Kubernetes, verify the following:
- You have a functional Amazon EKS or Kubernetes cluster with nodes attached in one of the Regions that supports the Container Insights for Amazon EKS and Kubernetes. For the list of supported Regions, see Using Container Insights.
- K8s version is 1.22 or higher.
- You have kubectl installed and running. For more information, see Installing kubectl in the Amazon EKS User Guide.
- If you're using Kubernetes running on AWS instead of using Amazon EKS, the following prerequisites are also necessary:
-
Be sure that your Kubernetes cluster has enabled role-based access control (RBAC). For more information, see Using RBAC Authorization in the Kubernetes Reference.
-
Your kubelet has enabled Webhook authorization mode. For more information, see Kubelet authentication/authorization in the Kubernetes Reference.
-
Your container runtime is Docker.
-
-
Attach a policy to the IAM role of your worker nodes. This works for both Amazon EKS clusters and other Kubernetes clusters.
-
Use an IAM role for service accounts for the cluster, and attach the policy to this role. This works only for Amazon EKS clusters.
Attaching a policy to the IAM role of your worker nodes
Follow the steps below to attach the policy to the IAM role of your worker nodes. This works for both Amazon EKS clusters and Kubernetes clusters outside of Amazon EKS.
-
-
Select one of the worker node instances and choose the IAM role in the description.
-
On the IAM role page, choose Attach policies.
-
In the list of policies, select the check box next to CloudWatchAgentServerPolicy. If necessary, use the search box to find this policy.
-
Choose Attach policies.
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ec2:DescribeVolumes"
],
"Resource": "*",
"Effect": "Allow"
}
]
}