Introduction to OpenCost

Open-source cost monitoring for cloud-native environments

Open Cost

With the increasing shift towards cloud-centric operations, it’s crucial for DevOps and FinOps teams to effectively monitor and manage cloud resources to optimize costs. However, amidst multiple teams utilizing various resources, tracking expenses per team and understanding resource allocation becomes challenging. While cloud providers offer billing consoles, navigating and interpreting the data can be complex. Enter OpenCost. OpenCost is a vendor-neutral, open-source project designed to precisely measure and allocate cloud infrastructure and container costs in real time. Developed by Kubernetes experts and supported by practitioners, OpenCost offers transparency into Kubernetes spending, demystifying the intricacies of cloud expenditure.

What is the entire story all about? (TLDR)

1. Understanding how OpenCost works.
2. Understanding Kubernetes costs using OpenCost.

Story Resources

1. GitHub Link: https://github.com/pavan-kumar-99/medium-manifests
2. GitHub Branch: opencost

Prerequisites

1. A Kubernetes Cluster ( EKS, AKS, Kind Cluster, k3d, etc ).

Installing Opencost

There are several supported ways of deploying OpenCost, depending on your use case and environment. Each cloud provider has different configuration requirements depending on your deployment.

As a part of this article, we will use GCP as our cloud provider. I have created a GKE cluster for this demo and I will be determining the costs of both K8s namespaces and also the cloud resources.

Opencost needs Prometheus to scrape the data about the cluster. Let us install Prometheus and this will also be scraping data from Opencost as well and the scrape config is already configured as a part of this command.

helm install prometheus --repo https://prometheus-community.github.io/helm-charts prometheus \
  --namespace prometheus-system --create-namespace \
  --set prometheus-pushgateway.enabled=false \
  --set alertmanager.enabled=false \
  -f https://raw.githubusercontent.com/opencost/opencost/develop/kubernetes/prometheus/extraScrapeConfigs.yaml

This command would install Prometheus and will also configure to scrape data from Opencost pods.

Since we also decided that we would scrape the Cloud Costs, there are certain pre-requisites to authenticate with GCP and extract the cloud costs

a) Create a GCP API Key to talk to Biling API ( https://cloud.google.com/docs/authentication/api-keys#create ). You can create the key using the GCP console or gcloud command using

gcloud beta services api-keys create --display-name=opencost 

b) A GCP Service account JSON key is also needed to authenticate with GCP to list the resources and get the costing. The SA can be created using the following commands. Ensure that gcloud auth login is performed and the correct project ID is also set.

export PROJECT_ID=$(gcloud config get-value project)
gcloud iam service-accounts create compute-viewer-opencost --display-name "Compute Read Only Account Created For Opencost" --format json
gcloud projects add-iam-policy-binding $PROJECT_ID --member serviceAccount:compute-viewer-opencost@$PROJECT_ID.iam.gserviceaccount.com --role roles/compute.viewer
gcloud projects add-iam-policy-binding $PROJECT_ID --member serviceAccount:compute-viewer-opencost@$PROJECT_ID.iam.gserviceaccount.com --role roles/bigquery.user
gcloud projects add-iam-policy-binding $PROJECT_ID --member serviceAccount:compute-viewer-opencost@$PROJECT_ID.iam.gserviceaccount.com --role roles/bigquery.dataViewer
gcloud projects add-iam-policy-binding $PROJECT_ID --member serviceAccount:compute-viewer-opencost@$PROJECT_ID.iam.gserviceaccount.com --role roles/bigquery.jobUser
gcloud iam service-accounts keys create ./compute-viewer-opencost-key.json --iam-account compute-viewer-opencost@$PROJECT_ID.iam.gserviceaccount.com

Create a JSON file called cloud-integration.json and replace the values for all the required values from the Service Account JSON. Opencost uses BigQuery to store the costing data, and the value of dataset should be the dataset’s name from BigQuery.

{
  "gcp": {
    "bigQuery": [
      {
        "projectID": "terraform-gcp-311100",
        "dataset": "opencost",
        "table": "gcp_billing_export_resource_v1_0121AC_C6F51B_690771",
        "authorizer": {
          "authorizerType": "GCPServiceAccountKey",
          "key": {
            "type": "service_account",
            "project_id": "terraform-gcp-311100",
            "private_key_id": "",
            "client_email": "compute-viewer-opencost@terraform-gcp-311100.iam.gserviceaccount.com",
            "client_id": "",
            "auth_uri": "https://accounts.google.com/o/oauth2/auth",
            "token_uri": "https://oauth2.googleapis.com/token",
            "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
            "client_x509_cert_url": ""
          }
        }
      }
    ]
  }
}

After replacing these values. let us create a secret for opencost to consume these values to talk to GCP.

kubectl create namespace opencost
kubectl create secret generic cloud-costs --from-file=./cloud-integration.json --namespace opencost

Alrighty, we are now all set with the authentication part, let us know get into action. Let us now install Opencost using custom helm values

loglevel: debug
opencost:
  exporter:
    cloudProviderApiKey: "AIzaSyBK-JMMhIIabdmnIltjrVQMDlTenMe1y1o"
  cloudIntegrationSecret: cloud-costs
  cloudCost:
    enabled: true
    refreshRateHours: 0.1
service:
  enabled: true
  type: LoadBalancer

Let us now deploy Opencost with the helm chart

git clone https://github.com/pavan-kumar-99/medium-manifests.git -b opencost

cd medium-manifests

helm upgrade -i opencost --repo https://opencost.github.io/opencost-helm-chart opencost \\n  --namespace opencost -f values.yaml

Helm Install

Let us list down the resources in the opencost namespace

Opencost resources

Let us now understand the OpenCost UI. I have already ensured that the Opencost UI is exposed as a LoadBalancer and you can get the IP by running the command,

kubectl get services opencost -n opencost -o=jsonpath='{.status.loadBalancer.ingress[0].ip}'

Let us now navigate to, http://<service-ip>:9090/ to access the OpenCost UI. It might take a couple of minutes for your data to be loaded. However, I have my Opencost running for 2 days, and hence my dashboard might look different than yours.

OpenCost Dashboard

Here is the Cost of the entire cluster split by namespace. Opencost also gives us the flexibility to split the costs by Kubernetes resource types like Deployment, StatefulSet, Worker Nodes, etc.

Various Costing Resources are available

Closing Thoughts

OpenCost offers comprehensive insights into the expenditure associated with Kubernetes clusters and cloud resources. In addition to elucidating overall costs, OpenCost facilitates detailed analyses such as custom cost configurations and in-depth cost assessments. If you’re interested in delving further into its capabilities, feel free to reach out. It’s important to note that the setup outlined in the article is not intended for production environments.

Until next time…..

Recommended

Kubernetes Policies as code using Kyverno

How I reduced the size of my Docker Image by 95%

Policies as Code in Kubernetes using jsPolicy

MlOps: Machine learning Pipelines using kubeflow