Kubernetes (K8S) Cluster Onboarding
Onboard Kubernetes clusters (EKS, AKS, GKE) to CoreStack FinOps for workload-level cost visibility, governance, and automated cost allocation.
Feature Overview
Kubernetes Cluster Onboarding is an agent-based capability within CoreStack's FinOps module that connects your managed Kubernetes environment to CoreStack, enabling cost visibility and governance across your containerized workloads. It is most relevant when your organization runs workloads on managed Kubernetes services — Amazon EKS, Azure AKS, or GCP GKE — and needs accurate, workload-level cost breakdowns without manual data extraction.
This feature is most valuable to Cloud Administrators and FinOps Practitioners who need to bring Kubernetes spend into the same governance framework as their broader cloud estate. It does not provide real-time monitoring; it is focused on cost ingestion, allocation, and reporting within the CoreStack FinOps module.
How It Works
When you onboard a Kubernetes cluster, you configure how the CoreStack Kubernetes Agent collects and stores metrics from your cluster. The agent is deployed inside your cluster using a YAML file downloaded during onboarding. Agent deployment must be performed by the CoreStack Technical Support Team.
Note: Kubernetes Cluster Onboarding requires the CoreStack Kubernetes Agent to be deployed inside your cluster. Agent deployment must be performed by the CoreStack Technical Support Team. Ensure you have raised a support request before starting the onboard.
Prerequisites
Before you begin, ensure the following are in place:
| Prerequisite | Requirement |
|---|---|
| Role | You have appropriate roles and permissions assigned in CoreStack, with access to the cloud account associated with the cluster. |
| Kubernetes cluster | A functioning managed Kubernetes cluster (Amazon EKS, Azure AKS, or GCP GKE) is available and accessible. |
| Prometheus | Prometheus v2.x or higher is running in the cluster environment. Only one instance per cluster is required. The endpoint must be reachable from within the cluster by the K8s agent. |
| kube-state-metrics | Version v2.9.0 or later (v2.10.x preferred) is deployed in the cluster. |
| cAdvisor | No separate installation is required — cAdvisor is bundled with the Kubelet on Kubernetes v1.20 or higher. |
| Network access | Outbound connectivity from the cluster to CoreStack storage endpoints is enabled. The agent cluster and Prometheus endpoint are mutually whitelisted. |
| Storage decision | You have decided whether to use Platform Managed Storage (CoreStack's shared bucket — no additional credentials required) or User Specific Storage (your own cloud storage account — credentials must be ready before you begin). |
| Temporary disk space | The /tmp directory on the cluster is writable and has sufficient free space. The agent buffers Prometheus data here before uploading; logs are automatically purged when they exceed 500 MB. |
| Cluster details | You have the Cluster ID, Cluster Type, Cloud Provider, and Region available. |
| Cost weightage (optional) | If you want custom cost allocation, define your CPU, Memory, and GPU weightage percentages. The total must equal 100%. |
Getting Started with Kubernetes Cluster Onboarding
Navigate to Governance > Account Governance > Container Services.
The Container Services screen lists all clusters currently connected to CoreStack. From here, you can onboard a new cluster or manage existing ones.
The onboarding process is a guided wizard that walks you through five steps:
- Select Cluster — choose the cloud account and cluster to onboard. The Cluster ID and Cluster Type populate automatically.
- Select and Manage Products — confirm that FinOps is set to Active.
- Storage Access — choose your storage type (Platform Managed or User Specific) and provide credentials if required. Authentication options differ by provider — see the provider-specific guide for details.
- Deployment — enter your Prometheus endpoint, configure certification if required, and download the YAML file to deploy the Kubernetes Agent with the CoreStack Technical Support Team.
- Advanced Settings — set the Cluster Description, Cost Resolution Frequency, and cost weightages for CPU, Memory, and GPU. Click Finish to complete onboarding. The cluster appears on the Container Platform Accounts page once onboarding is complete.
For full step-by-step instructions including provider-specific storage authentication and screenshots, follow the guide for your cloud provider:
| Cloud Provider | Cluster Type | Guide |
|---|---|---|
| Amazon Web Services | Amazon EKS | AWS (Amazon EKS) - K8S Cluster Onboarding |
| Microsoft Azure | Azure AKS | K8S Cluster Onboarding — Azure (AKS) |
| Google Cloud | GCP GKE | K8S Cluster Onboarding — GCP (GKE) |
Managing Onboarded Clusters
After onboarding, all clusters are listed on the Container Platform Accounts page. The summary cards at the top show counts for Active and Governed, Not Onboarded, Deactivated, and Invalid Credential statuses.
To take action on an onboarded cluster, click the ellipsis (⋯) under the Actions column and select one of the following:
- Edit Configuration — update cluster settings across all onboarding steps. Click Next through each step and click Finish to save.
- View Configuration — review the cluster's Basic Details, Storage Access, Deployment, Advanced Settings, and FinOps cost processing details.
- Deactivate — suspend metric collection for the cluster without removing it from CoreStack. Confirm by selecting Yes in the dialog.
- Delete — permanently remove the cluster from CoreStack. Confirm by selecting Yes in the dialog.
Frequently Asked Questions
Q: Do I need a separate Prometheus instance for each cluster?
No. Only one Prometheus instance per cluster is required. A single Prometheus deployment that collects metrics across all nodes and pods in the cluster is sufficient for the CoreStack agent to function correctly.
Q: Can I change the storage type after onboarding?
Yes. To update the storage configuration, click the ellipsis under Actions for the relevant cluster and select Edit Configuration. Navigate to the Storage Access step, make your changes, and click Save & Validate, then proceed to Finish.
Q: Which storage authentication method should I use for User Specific Storage?
This depends on your cloud provider and your organisation's security posture. For AWS, Assume Role is recommended over Access Key as it provides temporary, scoped credentials and reduces the risk of long-lived key exposure.
Q: How long does it take for cost data to appear in the FinOps Dashboard after onboarding?
Cost data appears after the first successful ingestion cycle. The frequency depends on the Cost Resolution Frequency setting configured during onboarding. The initial data load may take longer than subsequent cycles.
Q: Can I onboard multiple clusters from the same cloud account?
Yes. CoreStack supports multiple clusters per cloud account. Each cluster is onboarded independently and receives its own Kubernetes Agent deployment and service account.
Troubleshooting
The cluster is onboarded but no cost data appears in the FinOps Dashboard
Cause: The Kubernetes Agent has not completed a successful ingestion cycle. This is most commonly caused by a network connectivity issue between the agent and the Prometheus endpoint, or between the agent and the configured storage endpoint.
Solution:
- Confirm that the Prometheus endpoint entered during onboarding is correct and reachable from within the cluster.
- Confirm that outbound connectivity from the cluster to the configured storage endpoint (S3, Azure Blob, or GCS) is not blocked by a firewall or security group rule.
- Verify that the
/tmpdirectory on the cluster is writable and has available disk space. - Check the Agent Status column on the Container Platform Accounts page. If the status is not Active, raise a request with the CoreStack Technical Support Team to inspect the agent logs.
Note: If the issue persists, contact CoreStack support with the Cluster ID, Cloud Provider, Agent Status, and any relevant error messages from the agent logs in
/tmp.
The Onboard Cluster button is not visible on the Container Services page
Cause: Your user account does not have the required role to initiate cluster onboarding, or the cloud account has not been onboarded to CoreStack.
Solution:
- Confirm that you have the Account Admin role assigned for the relevant cloud account in CoreStack.
- Confirm that the cloud account associated with the cluster has been onboarded to CoreStack before attempting Kubernetes cluster onboarding.
- If both conditions are met and the button is still not visible, contact your CoreStack administrator to review your role assignments.
Storage validation fails when configuring User Specific Storage
Cause: The credentials provided do not have the required permissions to access the specified storage bucket or container.
Solution:
- Confirm that the storage bucket or container exists and is accessible.
- Confirm that the credentials provided have read and write permissions on the bucket or container.
- For AWS Assume Role: verify that the Role ARN is correct and that the trust policy allows CoreStack to assume the role.
- Click Save & Validate again after correcting the credentials. A green confirmation message indicates successful validation.
Note: If validation continues to fail, contact CoreStack support with the Cluster ID, Cloud Provider, storage type, and the exact error message displayed during validation.
Updated 43 minutes ago