Kubernetes resources and link to Azure Active Directory (AAD) are outlined below. OAuth2 Proxy forwards authenticated users up to a Gin app running in the same namespaces as OpenCost and Prometheus. OCost queries the OpenCost API and returns a templated HTML response based on the AAD security groups the user is a member of.
There are two configuration files required at the root level of the repository .env and config.yaml.
The sample files should provide a reasonable starting place once the __CHANGE_ME__ values are
replaced.
Contains secrets and other variables that will be injected as environment variables and are required for deployment. In CI these variables could be added from Github secrets or variables depending on their sensitivity.
Contains app-level configuration such as pricing and the group ⇔ namespace mapping. These should be checked into the repository and push to a private remote.