Komiser

Komiser is an open-source cloud-agnostic resource manager. It integrates with multiple cloud providers (including AWS, OCI, DigitalOcean, Kubernetes and CIVO), builds a cloud asset inventory, and helps you break down your cost at the resource level 💰

Introduction

This chart bootstraps a community edition Komiser instance.

Prerequisites

• Kubernetes 1.6+

Configuration (single AWS account)

Enable service accounts to access AWS resources in three steps

1. Create an IAM OIDC provider for your cluster – You only need to do this once for a cluster.

2. Create an IAM role and attach an Komiser IAM policy to it with the permissions that your service accounts need

3. Update templates/service-account.yaml with the IAM role you've created previously.

Configuration (multiple AWS accounts)

Steps for a container to access the resources in multiple AWS accounts.
We are working with two example clusters, ADMIN and DEV cluster.

Solution diagram:

Steps:

1. Create an IAM OIDC provider for your ADMIN cluster

2. Register the ADMIN OIDC provider in the DEV cluster

3. Create an ADMIN IAM role

   – Attach the recomended Komiser policy
   – Create a Trust Relathionship with the kubernetes ServiceAccount
   – Attach an additional policy to assume the DEV IAM role.

4. CREATE A DEV IAM role

   – Add the recomended Komiser policy
   – Create a Trust Relathionship with the ADMIN role

5. Add the ADMIN role to the ServiceAccount

6. Add a ConfigMap to the /templates folder

7. Mount the ConfigMap to the Deployment manifest

Tutorial walkthrough:

Note that even though the video covers Amazon EKS, the Helm chart can be deployed to any Kubernetes cluster no matter the provider.

Installing the chart

To install the chart:

$ helm install -f values.yaml komiser .

The above command deploys Komiser on the Kubernetes cluster in the default configuration.