Skip to content

Latest commit

 

History

History
66 lines (39 loc) · 2.93 KB

README.md

File metadata and controls

66 lines (39 loc) · 2.93 KB

Komiser

Amp Logo

Komiser is an open-source cloud-agnostic resource manager. It integrates with multiple cloud providers (including AWS, OCI, DigitalOcean, Kubernetes and CIVO), builds a cloud asset inventory, and helps you break down your cost at the resource level 💰

Introduction

This chart bootstraps a community edition Komiser instance.

Prerequisites

  • Kubernetes 1.6+

Configuration (single AWS account)

Enable service accounts to access AWS resources in three steps

  1. Create an IAM OIDC provider for your cluster – You only need to do this once for a cluster.

  2. Create an IAM role and attach an Komiser IAM policy to it with the permissions that your service accounts need

  3. Update templates/service-account.yaml with the IAM role you've created previously.

Configuration (multiple AWS accounts)

Steps for a container to access the resources in multiple AWS accounts.
We are working with two example clusters, ADMIN and DEV cluster.

Solution diagram: alt text

Steps:

  1. Create an IAM OIDC provider for your ADMIN cluster

  2. Register the ADMIN OIDC provider in the DEV cluster

  3. Create an ADMIN IAM role

    – Attach the recomended Komiser policy
    – Create a Trust Relathionship with the kubernetes ServiceAccount
    – Attach an additional policy to assume the DEV IAM role.

  4. CREATE A DEV IAM role

    – Add the recomended Komiser policy
    – Create a Trust Relathionship with the ADMIN role

  5. Add the ADMIN role to the ServiceAccount

  6. Add a ConfigMap to the /templates folder

  7. Mount the ConfigMap to the Deployment manifest

Tutorial walkthrough:

Watch the video

Note that even though the video covers Amazon EKS, the Helm chart can be deployed to any Kubernetes cluster no matter the provider.

Installing the chart

To install the chart:

$ helm install -f values.yaml komiser .

The above command deploys Komiser on the Kubernetes cluster in the default configuration.