# Prometheus Per-Cluster Integration ## Overview Integrate Finout with the Prometheus instance in each monitored cluster to track that cluster’s Kubernetes costs and waste directly in Finout. This Per-Cluster Prometheus cost enrichment is supported across all major clouds, including AWS, GCP, and Azure. * To connect multiple clusters that share the same configuration, apply the YAML from Step 3 (“Create and Configure the CronJob”) to every cluster - this will send all metrics to the same S3 bucket and prefix. * If you need different S3 locations (buckets or prefixes), create additional Prometheus integration for those clusters by contacting support at . **Prometheus Per-cluster Setup at a Glance**: 1. **Set Collection Method:** Name your integration and select your metrics collection method. 2. **Connect S3 Bucket**: The destination for Kubernetes metrics. 3. **Set cronjob permissions:** This allows the cronjob to write the metrics into your S3 bucket. 4. **Configure the create cronjob YAML** using the template, and deploy it in the cluster. 1. Select the authentication method. 2. Set the required environment variables in the YAML and make additional adjustments, then deploy it in your cluster. 5. **Select cost centers:** This enriches with the integrated Kubernetes metrics. 6. **Validate your Kubernetes Integration:** Ensure that the Prometheus metrics are exported correctly to S3. **What happens next**: A Prometheus (per-cluster) Cost Center is created and automatically enriched to your AWS Cost Center. Data appears in Finout within \~2 days (due to cloud billing delay). ## 1. Set Collection Method

1. In Finout, navigate to **Settings** > **Cost Centers > Prometheus (Kubernetes).**\ The **Set Collection Method** step appears.

2. Name your Prometheus integration. 3. Ensure that the Per-cluster collection method is selected. 4. Click **Next**.\ You are brought to the **Connect S3 Bucket** step. ## 2. Connect S3 Bucket

1. Connect a S3 bucket that contains the Kubernetes metrics collected from Prometheus using this integration. Finout is granted read-only permissions to access the data.\ Ensure that you have already connected an S3 bucket to Finout for the AWS Cost and Usage Report (CUR).\ You can reuse the **same S3 bucket and IAM role**, and Finout will automatically populate the **Role ARN, Bucket name**, and **External ID** fields in the console.\ \ If you want to use a different S3 bucket or haven’t configured one yet, follow the steps in **Grant Finout Access to an S3 Bucket**.\ \ Fill in the following fields: 1. **External ID** - this is taken from your existing AWS Cost Center and is filled in by default. Use this same External ID in the IAM role’s trust policy to grant Finout permissions to read from the S3 bucket that stores your Prometheus metrics. 2. **ARN Role** - Provide the ARN of the IAM role that grants Finout read-only access to this S3 bucket. When creating or updating this role, make sure you use the External ID from the Finout console in the role’s trust policy. 3. **Bucket Name** - Enter the name of the S3 bucket that stores your Prometheus metrics. Use the bucket name only (no `s3://` and no path). It must be in the Region you selected and readable by the Role ARN. 4. **S3 prefix** - S3 prefix (folder path) in the bucket used to store Prometheus metrics (default is `k8s/prometheus`). 5. **Region** - AWS region of the bucket (e.g., us-east-1). Must match the bucket’s actual region. 2. Click **Next**. {% hint style="info" %} **Note**: Finout supports enriching **AWS (EKS), GCP (GKE), and Azure (AKS)** Kubernetes costs using Kubernetes metrics. However, this integration currently requires the Kubernetes metrics to be **uploaded to an AWS S3 bucket**. To connect other cost centers, contact Finout Support at . {% endhint %} {% hint style="warning" %} **Important**: * If you want to integrate Finout with more than one cluster, repeat Step 3 (Set CronJob Permissions) and Step 4 (Configure and Create the Cronjob) for each cluster. If the clusters belong to the same Cost Center, make sure they all use the same `S3_PREFIX`. * The values `BUCKET_NAME` and `S3_PREFIX` across steps 3 and 4 need to be identical to the values added in this step. {% endhint %} ## 3. Set CronJob Permissions In this step, you will grant the cronjob permissions to write the Kubernetes metrics into the bucket you configured in the previous step.

1. **Configure Policy:**\ Attach this policy to the Kubernetes node role, or to the IAM role used by your CronJob, so the CronJob has the S3 access it needs: * **Write** to store exported metrics in your bucket. * **Read** to check its saved state in the bucket and know from which timestamp to continue. * **Delete** to remove files from the bucket older than the retention period (30 days by default, configurable). ```yaml { "Version": "2012-10-17", "Statement": [ { "Sid": "FinoutBucketPermissions", "Effect": "Allow", "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::", "Condition": { "StringEquals": { "s3:delimiter": "/" }, "StringLike": { "s3:prefix": "*" } } }, { "Sid": "FinoutMetricFilesPermissions", "Effect": "Allow", "Action": [ "s3:PutObject", "s3:GetObject", "s3:DeleteObject" ], "Resource": "arn:aws:s3::://*" } ] } ``` 2. **Prepare kube-state-metrics (Prerequisite):**\ Use kube-state-metrics version 2.0.2 or later.\ If your cluster uses the prometheus-kube-state-metrics DaemonSet, add the flag below so kube-state-metrics exports all required labels to your Prometheus endpoint (you can adjust the pattern to match your setup): `--metric-labels-allowlist=pods=[*]`*`,nodes=`*`[*]`\ \ Do this by adding an arg to the kube-state-metrics container, for example: ```yaml spec: containers: args: --port=8080 --metric-labels-allowlist=pods=[*],nodes=[*] ``` 3. Click **Next**. ## 4. Configure and Create the CronJob

1. Copy the CronJob configuration below to a file and modify the values of the relevant environment variables (for example, cronjob.yaml):| Example YAML: ```yaml apiVersion: batch/v1 kind: CronJob metadata: name: finout-prometheus-exporter-job spec: successfulJobsHistoryLimit: 1 failedJobsHistoryLimit: 1 concurrencyPolicy: Forbid schedule: "*/30 * * * *" jobTemplate: spec: template: spec: containers: - name: finout-prometheus-exporter image: finout/finout-metrics-exporter:2.0.3 imagePullPolicy: Always env: - name: S3_BUCKET value: "" - name: S3_PREFIX value: "" - name: CLUSTER_NAME value: "" - name: HOSTNAME value: "..svc.cluster.local" - name: PORT value: 9090 restartPolicy: OnFailure ``` * This is an example of a CronJob that schedules a Job every 30 minutes. * The job queries Prometheus with a 5-second delay between queries to prevent overloading your Prometheus stack. 2. Modify the suggested YAML file above, if needed. #### YAML Environment Variables:

Category	Variable	Description	Required / Optional	Default	Notes
Scope & Multi-Cluster Behavior	CLUSTER_NAME	The cluster name defines the folder where metrics are stored in S3 and also appears as the cluster name within the Finout app.	Required	None	Identifies the metrics source cluster.

Category	Variable	Description	Required / Optional	Default Value	Notes
Auth & Identity	ROLE_ARN	ARN for IAM role to assume for authorization.	Optional	None	Used if assuming a role instead of direct access.
Auth & Identity	ROLE_EXTERNAL_ID	External ID for assumed role.	Optional	None	Only needed if the IAM role requires an external ID.
Storage & Paths	S3_BUCKET	Customer’s S3 bucket to store the exported metrics.	Required	None	Must exist in customer’s environment.
Storage & Paths	S3_PREFIX	S3 prefix where metrics will be stored.	Required	None	For example, k8s/prometheus has to be the same s3_prefix if multiple per cluster integrations within the same cost center config.
Endpoint & Connectivity	SCHEME	The protocol used when calling the Prometheus metrics endpoint: either `https` or `http`	Optional	`http`	-----
Endpoint & Connectivity	PATH_PREFIX	Optional sub-path between host/port and the Prometheus metrics API.	Optional	None	-----
Endpoint & Connectivity	HOSTNAME	The Prometheus compatible API endpoint.	Optional	`localhost`	Must be reachable from the pod running the Finout exporter cronjob.
Endpoint & Connectivity	PORT	API port	Optional	`9090`	Standard Prometheus port.
Query Window & Data Volume	TIME_FRAME	Time range per query in seconds.	Optional	`3600`	Lower values reduce query load and risk of OOM.
Query Window & Data Volume	BACKFILL_DAYS	Days of historical data to fetch on first run.	Optional	`3d`	Large values increase load and risk of slow queries.
Query Window & Data Volume	INITIAL_BACKFILL_DATE	Defines the initial backfill start date	Optional	None	Available starting from the Exporter’s v2.0.0 value should be in YYYY-MM-DD format. limited to maximum 3 days.
Query Window & Data Volume	QUERIES_BATCH_SIZE	Controls how many queries are processed per batch to manage memory usage.	Optional	5	Available starting from the Exporter’s v2.0.0 Default is 5. Lowering it reduces memory usage but may increase overall runtime. Minimum is 1 If a customer sees OOM kills / memory pressure, recommend reducing QUERIES_BATCH_SIZE before changing anything else.

To configure these fields, add them to the configuration file under the env section and use the name/value format for each desired field. For example: ```yaml env: - name: TIME_FRAME value: "3600" - name: BACKFILL_DAYS value: "3d" ``` Ensure that the field names and the corresponding values are correctly specified to apply the desired configuration. 4. Run the command in a namespace of your choice, preferably the one where the Prometheus stack is deployed: `kubectl create -f ` 5. Trigger the job (instead of waiting for it to start):\ `kubectl create job --from=cronjob/finout-prometheus-exporter-job finout-prometheus-exporter-job -n ` The job automatically fetches Prometheus data from 3 days ago up to the current time.

Note: This can be changed by modifying your BACKFILL_DAYS variable.

6. Click **Save**.\ The Prometheus cost center is created. ## 5. Select Cost Centers

1. Select the cost centers that this integration will enrich with Kubernetes metrics. These cost centers can then attribute Kubernetes costs for supported services (EKS, GKE, and AKS) by namespace, workload, and label. 2. Click **Complete Integration**.\ The cost center will be created in about 48 hours.

{% hint style="info" %} **Note**: * If this cost center is already enriched by a Kubernetes integration, ensure there are no overlapping nodes between the integrations to avoid duplicated costs and resources. * You can hover over every created cloud cost center and see all the Kubernetes cost centers that enrich it.

{% endhint %} ## 6. Validate Your Kubernetes Integration **Confirm that your Prometheus Integration is working correctly:** #### S3 Validation To confirm that Prometheus metrics are being exported correctly to your S3 bucket: 1. **Navigate to the S3 path**, for example:\ `s3://cur-bucket/k8s/prometheus/prod-cluster/end=20251101/day=5/`\ You should see a list of metric folders, such as: `metric=cpu_requests/` 2. **Open a metric folder** and verify that `.json.gz` files are uploaded. Each file should have a timestamp prefix, for example:\ `s3://cur-bucket/k8s/prometheus/prod-cluster/end=20251101/day=5/metric=cpu_requests/1759622400_cpu_requests.json.gz`\ If these files appear, the CronJob ran successfully, and Prometheus metric files were generated and stored in the correct S3 structure. #### Data Availability Kubernetes cost and usage data will appear across Finout within 48 hours, matching the standard cloud billing data delivery window. {% hint style="info" %} **Note**: If any issues occur, share your exporter logs with Finout support at for further investigation. {% endhint %} For more information, please see the [FAQs](https://docs.finout.io/kubernetes-integrations/kubernetes/prometheus/prometheus-faqs) and [Troubleshooting](https://docs.finout.io/kubernetes-integrations/kubernetes/prometheus/prometheus-troubleshooting) section.\ For new updates to the Prometheus Exporter introduced between versions and their impact on cost calculation, refer to the [release notes](https://docs.finout.io/kubernetes-integrations/kubernetes/prometheus/prometheus-metrics-exporter-release-notes).