Sosivio AWS Billing
Important Notice: If your EKS cluster contains more than 1,000 cores please contact us at [email protected] for a volume-based discounted enterprise license. Sosivio does not currently support tiered metering in AWS.
Prerequisites
- AWS CLI installed and configured
- Admin access to your cluster. You can verify this with
kubectl auth can-i "*" "*"
- Ability to add AWS IAM policy and role
- EKS cluster with IAM roles for service accounts enabled
Process
Thank you for choosing Sosivio for AWS! After clicking subscribe in the AWS Marketplace, we need to install Sosivio and allow access to AWS in order to meter the cluster usage.
Environment Variables
The Sosivio installer will use the following environment variables. Please change them to correspond with your internal guidelines and naming conventions.
export AWS_ACCOUNT_ID=<your aws account id>
export SOSIVIO_ROLE_NAME=sosivio-marketplace-role
export CLUSTER_NAME=<your-cluster-name>
export REGION=<your-cluster-region>
export CLUSTER_OIDC_ISSUER_URL=$(aws eks describe-cluster --name $CLUSTER_NAME --query "cluster.identity.oidc.issuer" --region $REGION --output text )
export CLUSTER_OIDC_ISSUER=${CLUSTER_OIDC_ISSUER_URL#*https://}
export EXPOSE_TYPE=LoadBalancer #or PortForward or Ingress
# If you chose Ingress as the EXPOSE_TYPE, you'll need to provide domain URL:
# export DOMAIN_URL=your.domain.com #will create sosivio-dashboard.your.domain.com
Creating an AWS Roles
First, we'll need to create an AWS role with the appropriate AWS-managed permissions to contact the AWS Marketplace API: Our Role should have the following permissions: - AWSMarketplaceMeteringFullAccess - AWSMarketplaceMeteringRegisterUsage
*You can create the role via the AWS Console, but we'll provide you with the command to create it via the AWS CLI.
Run the following commands:
Step 1: Create the trust policy:
echo "{
\"Version\": \"2012-10-17\",
\"Statement\": [
{
\"Effect\": \"Allow\",
\"Principal\": {
\"Federated\": \"arn:aws:iam::${AWS_ACCOUNT_ID}:oidc-provider/${CLUSTER_OIDC_ISSUER}\"
},
\"Action\": \"sts:AssumeRoleWithWebIdentity\",
\"Condition\": {
\"StringEquals\": {
\"${CLUSTER_OIDC_ISSUER}:aud\": \"sts.amazonaws.com\"
}
}
}
]
}" > sosivio-trust-policy.json
Step 2: Create the AWS role:
aws iam create-role \
--role-name $SOSIVIO_ROLE_NAME \
--assume-role-policy-document=file://sosivio-trust-policy.json
Step 3: Attach the required permissions:
aws iam attach-role-policy \
--policy-arn arn:aws:iam::aws:policy/AWSMarketplaceMeteringFullAccess \
--role-name $SOSIVIO_ROLE_NAME
aws iam attach-role-policy \
--policy-arn arn:aws:iam::aws:policy/AWSMarketplaceMeteringRegisterUsage \
--role-name $SOSIVIO_ROLE_NAME
Install/Upgrade Sosivio
Note: we'll provide a cli one-type commands to install sosivio with the correct configuration. We recommend editing the helm values file and save the helm chart with your preferred values.
Step 1: Add Sosivio Helm repo
helm repo add sosivio https://helm.sosiv.io
helm repo update
Step 2: If it’s a fresh Installation of Sosivio:
#Deploy Via AWS LoadBalancer
helm install -n sosivio sosivio sosivio/sosivio --create-namespace \
--set expose=$EXPOSE_TYPE \ #--set domain=$DOMAIN_URL (if you chose EXPOSE_TYPE=Ingress
--set cluster_name=$CLUSTER_NAME \
--set aws.accountId=$AWS_ACCOUNT_ID \
--set aws.markteplaceRole=$SOSIVIO_ROLE_NAME
Step 3: If its an upgrade for an existing (AWS-metered) installation:
helm upgrade -n sosivio sosivio sosivio/sosivio \
--set expose=$EXPOSE_TYPE \
--set cluster_name=$CLUSTER_NAME \
--set aws.accountId=$AWS_ACCOUNT_ID \
--set aws.markteplaceRole=$SOSIVIO_ROLE_NAME
First Login to Sosivio
Step 1: Open the Sosivio URL in your browser. The Helm chart installation will output how to get the Sosivio URL. If for any reason the command printed is incorrect, you can run the following commands:
- for LoadBalancer:
kubectl get svc dashboard-lb -n sosivio
- for Ingress:
kubectl get ingress dashboard -n sosivio
- for PortForward:
kubectl port-forward -n sosivio svc/dashboard 8088:8088
Step 2: The default user is admin
. in order to get the generated password, run the following command: kubectl get secret -n sosivio sosivio-admin-otp -o jsonpath='{.data.password}' | base64 -d