Documentation on how to use OpenCost with an existing prometheus installation on OpenShift?

[kastl-ars]

Hi all,

I would like to run OpenCost in OpenShift, but am unsure before even starting due to the various options in the values.yaml regarding authentication to an external Prometheus.

https://github.com/opencost/opencost-helm-chart/blob/main/charts/opencost/values.yaml#L320

Our OpenShift cluster has a thanos-querier service running, that requires authentication using the serviceaccount token. How would I put this into the values.yaml?

I figured something like the following could work, but I am not sure if the bearertoken works with a Kubernetes serviceAccount token or needs some other format?

  prometheus:
    secret_name: ~
    existingSecretName: my-existing-service-account-token-secret
    username: ""
    username_key: ""
    password: ""
    password_key: ""
    bearer_token: ""
    bearer_token_key: "token" # the key used for the token in the my-existing-service-account-token-secret secret
    external:
      enabled: true
      url: "https://thanos-querier...."

Any hints are highly appreciated.

Kind Regards,
Johannes

[kastl-ars]

One addition: The service account token should already be mounted inside the pod, as the automountServiceAccountToken setting is true. Is there any way to tell the pod to use that file?

Especially as the name of the token secret for the serviceAccount is not predictable, how would I specify this beforehand?

[AjayTripathy]

cc @jessegoodier can someone on your team help get this documented? Seems valuable.

[jessegoodier]

cc @jessegoodier can someone on your team help get this documented? Seems valuable.

Ishaan is working on this. I'm sure it is possible, will look at how other tools are doing it.

[kastl-ars]

Any news on this?

[jessegoodier]

Yes! #226
Getting closer. I can't commit to timing though.