Logo of Trend Micro
Use the Knowledge Base AI to help improve your Cloud Posture

Enable Cost Allocation

Trend Vision One™ provides continuous assurance that gives peace of mind for your cloud infrastructure, delivering over 1100 automated best practice checks.

Risk Level: Medium (should be achieved)

Enable cost allocation for your Google Kubernetes Engine (GKE) clusters in order to gain detailed insights into GKE resource usage. This feature allows you to break down resource consumption by Kubernetes namespaces and labels, making it easier to associate costs with specific entities. Once enabled, you can access detailed GKE cost reports by cluster, namespace, and label through billing data exported to BigQuery.

Operational
excellence
Cost
optimisation

Enabling cost allocation for Google Kubernetes Engine (GKE) clusters provides detailed visibility into resource consumption and cost distribution across Kubernetes components. This enables informed decisions for cost optimization, budgeting, and chargeback allocation.

Audit

To determine if cost allocation is enabled for your Google Kubernetes Engine (GKE) clusters, perform the following operations:

Using GCP Console

01 Sign in to the Google Cloud Management Console.

02 Select the Google Cloud Platform (GCP) project that you want to examine from the console top navigation bar.

03 Navigate to Kubernetes Engine console available at https://console.cloud.google.com/kubernetes.

04 In the left navigation panel, under Resource Management, choose Clusters and select the OVERVIEW tab to access the list of GKE clusters provisioned for the selected GCP project.

05 Click on the name (link) of the GKE cluster that you want to examine.

06 Select the DETAILS tab to view the configuration information available for the selected cluster.

07 In the Features section, check the Cost Allocation attribute value to determine the feature status. If Cost Allocation is set to Disabled, the Cost Allocation feature is not enabled for the selected Google Kubernetes Engine (GKE) cluster.

08 Repeat steps no. 5 – 7 for each GKE cluster provisioned within the selected GCP project.

09 Repeat steps no. 2 – 8 for each GCP project deployed in your Google Cloud account.

Using GCP CLI

01 Run projects list command (Windows/macOS/Linux) with custom output filters to list the ID of each GCP project available in your Google Cloud account: 

gcloud projects list
	--format="table(projectId)"

02 The command output should return the requested GCP project IDS: 

PROJECT_ID
	cc-web-project-123123
	cc-dev-project-112233

03 Run container clusters list command (Windows/macOS/Linux) with the ID of the GCP project that you want to examine as the identifier parameter and custom output filters to describe the name and the region of each GKE cluster provisioned for the selected project: 

gcloud container clusters list
	--project cc-web-project-123123
	--format="table(NAME,ZONE)"

04 The command output should return the requested cluster names and their regions: 

NAME: cc-gke-backend-cluster
ZONE: us-central1

NAME: cc-gke-frontend-cluster
ZONE: us-central1

05 Run container clusters describe command (Windows/macOS/Linux) with the name of the GKE cluster that you want to examine as the identifier parameter and custom output filters to determine if cost allocation is enabled for the selected GKE cluster: 

gcloud container clusters describe cc-gke-backend-cluster
	--region=us-central1
	--format="json(costManagementConfig.enabled)"

06 The command output should return the feature configuration and status: 

null

If the container clusters describe command output returns null, as shown in the example above, the Cost Allocation feature is not enabled for the selected Google Kubernetes Engine (GKE) cluster.

07 Repeat steps no. 5 and 6 for each GKE cluster provisioned for the selected GCP project.

08 Repeat steps no. 3 – 7 for each GCP project deployed in your Google Cloud account.

Remediation / Resolution

To enable cost allocation for your Google Kubernetes Engine (GKE) clusters, perform the following operations:

Using GCP Console

01 Sign in to the Google Cloud Management Console.

02 Select the Google Cloud Platform (GCP) project that you want to access from the console top navigation bar.

03 Navigate to Kubernetes Engine console available at https://console.cloud.google.com/kubernetes.

04 In the left navigation panel, under Resource Management, choose Clusters and select the OVERVIEW tab to access the list of GKE clusters deployed for the selected GCP project.

05 Click on the name (link) of the GKE cluster that you want to configure.

06 Select the DETAILS tab to view the configuration information available for the selected cluster.

07 In the Features section, click on the Edit Cost Allocation button (i.e., pencil icon) available next to Cost Allocation to modify the feature settings.

08 Inside the Edit cost allocation config box, check the Enable Cost Allocation setting checkbox, and choose SAVE CHANGES to apply the changes. This will enable the Cost Allocation feature for your GKE cluster.

09 Repeat steps no. 5 – 8 for each GKE cluster that you want to configure, created for the selected GCP project.

10 Repeat steps no. 2 – 9 for each GCP project available in your Google Cloud account.

Using GCP CLI

01 Run container clusters update command (Windows/macOS/Linux) with the name of the Google Kubernetes Engine (GKE) cluster that you want to configure as the identifier parameter, to enable the Cost Allocation feature for the selected GKE cluster: 

gcloud container clusters update cc-gke-backend-cluster
	--region=us-central1
	--enable-cost-allocation

02 The command output should return the full URL of the modified GKE cluster: 

Updating cc-gke-backend-cluster... done.
Updated [https://container.googleapis.com/v1/projects/cc-web-project-123123/zones/us-central1/clusters/cc-gke-backend-cluster].

03 Repeat steps no. 1 and 2 for each GKE cluster that you want to configure, available within the selected GCP project.

04 Repeat steps no. 1 – 3 for each GCP project deployed in your Google Cloud account.

References

Publication date Dec 2, 2024

Related GKE rules