All Products
Search

This Product

    Container Service for Kubernetes:How to use cost insights for registered clusters

    Document Center

    Container Service for Kubernetes:How to use cost insights for registered clusters

    Last Updated:Mar 26, 2026

    Cost insights lets you view cluster-level billing breakdowns, namespace cost allocations, and resource utilization trends for registered clusters — giving you the data to identify waste and reduce spend.

    Prerequisites

    Before you begin, make sure you have:

    Limitations

    • Billing data is available at 08:00:00 (UTC+8) the next day. Cost data from before you enabled cost insights is not included.

    • The Day-on-day ratio and Estimated cost of next day metrics require two consecutive days of data to display.

    • Weekly and monthly cumulative costs reset to zero on the first day of each billing period, because bills are generated one day after the transaction date.

    • Cost analysis only tracks cloud resources exclusive to your cluster. Resources shared across multiple clusters are not included.

    • If you disable the cost allocation tag (key: ack.aliyun.com) in the Expenses and Costs console, the cluster cost data stops being collected. To re-enable collection, turn on the tag with key ack.aliyun.com and the tag with key ack.alibabacloud.com/nodepool-id on the Cost allocation tags page.

    • Clusters must have internet access (via a NAT gateway or equivalent) to query billing data in certain regions.

    Enable cost insights

    Enable cost insights within a single account

    Step 1: Grant RAM permissions to ack-cost-exporter

    Use onectl

    1. Install onectl on your local machine. See Use onectl to manage registered clusters.

    2. Run the following command:

      onectl ram-user grant --addon ack-cost-exporter

      Expected output:

      Ram policy ack-one-registered-cluster-policy-ack-cost-exporter granted to ram user ack-one-user-ce313528c3 successfully.

    Use the console

    1. Create a RAM user.

    2. Create a custom policy with the following content, which grants ack-cost-exporter access to the billing and resource pricing APIs it needs:

      {
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "bssapi:QueryInstanceBill",
                "bssapi:DescribeInstanceBill"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "ecs:DescribeDisks",
                "ecs:DescribeSpotPriceHistory",
                "ecs:DescribeInstances",
                "ecs:DescribePrice"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": "eci: DescribeContainerGroupPrice",
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

    3. Attach the custom policy to the RAM user.

    4. Create an AccessKey pair for the RAM user.

      Warning

      Configure an AccessKey network access restriction policy to limit AccessKey invocations to trusted network environments.

    5. Create a Secret named alibaba-addon-secret in the kube-system namespace of the registered cluster:

      kubectl -n kube-system create secret generic alibaba-addon-secret \
  --from-literal='access-key-id=<your AccessKey ID>' \
  --from-literal='access-key-secret=<your AccessKey Secret>'

    Step 2: Install ack-cost-exporter

    Use onectl

    onectl addon install ack-cost-exporter

    Expected output:

    Addon ack-cost-exporter, version **** installed.

    Use the console

    1. Log in to the ACK console and click Clusters in the left-side navigation pane.

    2. Click the cluster name, then choose Applications > Helm in the left-side navigation pane. If ack-cost-exporter already appears in the Helm release list, delete it before continuing.

    3. In the left-side navigation pane of the cluster details page, choose Operations > Add-ons.

    4. On the Add-ons page, click the Logs and Monitoring tab, find ack-cost-exporter, and click Install in the lower-right corner. Then click OK.

    Enable cost insights across accounts

    Use this setup when a registered cluster in account A manages an ACK cluster in account B. You need to authorize cost insights in account B so it can access account B's billing data, and configure ack-cost-exporter in account A to point to account B's cluster.

    Role summary:

    Account Role Action required
    Account B Hosts the ACK cluster Grant RAM permissions to access its own billing data
    Account A Hosts the registered cluster Install ack-arms-prometheus and configure ack-cost-exporter

    Step 1: Configure RAM permissions for account B

    1. Log in to the ACK console using account B credentials and click Clusters in the left navigation pane.

    2. Find the cluster and click its name. In the left navigation pane, choose Cost Suite > Cost Insights.

    3. Authorize the ACK cluster to access billing data in the User Center. The authorization steps differ by cluster type: ACK managed clusters The system automatically creates the AliyunCSManagedCostRole RAM role and grants the required permissions. Managed Service for Prometheus assumes this role to access billing data. Alternatively, authorize directly on the RAM Quick Authorization page. ACK dedicated clusters

      1. On the Cost Insights page, click KubernetesWorkerRole-***.

      2. On the Permissions tab of the RAM role details page, click k8sWorkerRole** in the Policy** column.

      3. On the Policy Document tab, click Edit Policy Document.

      4. In the code editor, add the following to the Statement field, then click OK:

        { "Action": [ "bssapi:QueryInstanceBill", "bssapi:DescribeInstanceBill" ], "Resource": "*", "Effect": "Allow" }, { "Action": [ "ecs:DescribeDisks", "ecs:DescribeSpotPriceHistory", "ecs:DescribeInstances", "ecs:DescribePrice" ], "Resource": "*", "Effect": "Allow" }, { "Action": [ "eci: DescribeContainerGroupPrice" ], "Resource": "*", "Effect": "Allow" }
        Note

        Add a comma after each action block before inserting the next one.

      The ACK cluster in account B must not have ack-arms-prometheus installed. If it is installed, uninstall it before proceeding.

    Step 2: Install components in account A

    1. Install ack-arms-prometheus in account A, where the registered cluster runs. See Enable Managed Service for Prometheus for a registered cluster.

    2. Configure ack-cost-exporter in account A to point to account B's ACK cluster:

      1. Log in to the ACK console using account A credentials and click Clusters in the left-side navigation pane.

      2. Click the registered cluster name, then choose Applications > Helm in the left-side navigation pane. If ack-cost-exporter already appears in the Helm release list, delete it before continuing.

      3. In the left-side navigation pane, choose Operations > Add-ons.

      4. On the Add-ons page, click the Logs And Monitoring tab, find ack-cost-exporter, and click Install in the lower-right corner.

      5. In the Install ack-cost-exporter dialog, set registeredAckClusterId to the cluster ID of the ACK cluster in account B, then click OK.

    Cost definitions

    Before reviewing the dashboards, understand the key cost metrics and how they are calculated:

    Term Description
    Actual billing cost with discount The payment amount for cloud resources in the cluster, after discounts. This is the default view.
    Original billing cost without discount The bill amount based on list prices on the Alibaba Cloud International site. See Bill Details.
    Real-time estimated cost Estimated namespace cost calculated as Σ (Pod resource request / Node capacity) × Node unit price. This accounts for price differences across nodes of different specifications and billing methods. Due to deferred billing for discounts, vouchers, and subscription, estimated costs may differ from actual bill amounts.
    Allocated cost The actual cluster cost multiplied by the namespace's cost ratio. Use this to approximate actual namespace spend.
    Day-on-day ratio The ratio of the previous day's cost to the cost two days prior. Green indicates a decrease; red indicates an increase.
    Application costs by namespace or pod are calculated based on the bill amount. Namespaces with no CPU resource requests configured are excluded from namespace cost calculations.

    Usage notes

    After cost insights is enabled, billing data appears at 08:00:00 (UTC+8) the following day. Use the drop-down list in the upper-right corner of any dashboard to change the time range. The default time range is the last 7 days.

    Cluster dimension

    Filter criteria

    image.png
    Feature Number Description
    Cluster cost analysis options (1) Two options: Actual billing cost with discount (default) — the payment amount for cloud resources in the cluster; Original billing cost without discount — the bill amount based on list prices. See Bill Details.
    Cost allocation models (2) Four models: CPU model (default) — estimates pod cost by CPU resource request; Memory model — estimates pod cost by memory resource request; CPU-Memory hybrid model (recommended weights) — uses recommended CPU and memory weights; CPU-Memory hybrid model (custom weights) — uses custom weights; requires setting CPU weight setting (%). See Cost estimation policies.
    Time range (3) The time range of data shown in the dashboard. Default is the last 7 days.

    Cluster cost overview

    image
    Feature Number Description
    Cost allocation model in use (1) Displays the active cost allocation model. The CPU model is selected by default.
    Previous day's cost, weekly cumulative cost, and monthly cumulative cost (2) All figures are based on the bill amount for cloud resources in the cluster. Weekly cumulative cost resets on Monday and monthly cumulative cost resets on the first day of each month, because bills are generated one day after the transaction date. The day-on-day ratio compares the previous day's cost to the day before it. Green indicates a decrease; red indicates an increase.
    Cluster cost and capacity trends (3) The yellow curve shows cluster cost and the blue curve shows actual cluster capacity. When the curves diverge, it typically means the average cost per CPU core has changed — check whether higher-priced resources are being used.
    Real-time estimated cost per namespace (4) The estimated cost of each namespace, calculated as the sum of costs of all pods in that namespace.
    Allocated cost per namespace (5) The cluster cost allocated to each namespace based on its cost ratio. Cost insights uses this formula: Σ (Pod resource request / Node capacity) × Node unit price. To get the allocated cost, multiply the total cluster cost by the namespace's cost ratio.

    Stability and efficiency analysis

    image
    Feature Number Description
    Total cluster resource usage (1) Shows the number of pods by QoS class and total resource usage in the cluster.
    Pod resource usage (2) Lists basic information and resource usage (Usage/Request) for all pods. Supports filtering and sorting — use this to identify workloads with the highest or lowest resource usage.
    Burstable pod resource configurations (3) Lists resource requests and limits for Burstable pods. Use filtering and sorting to identify resource bottlenecks and understand how much cluster resource each Burstable pod consumes.
    BestEffort pod resource configurations (4) Lists BestEffort pods, which carry a higher stability risk due to having no resource requests or limits. Filter and sort to check for unexpected BestEffort pods and address risks early.

    For details, see Use cost insights to identify risks for cluster workloads.

    Cluster cost analysis

    image
    Feature Number Description
    Cloud resource cost ratios (1) and (2) Shows the cost share of each cloud resource type in the cluster and how those costs change over time. Use this to identify which resource types are driving cost increases.
    Total cluster cost trend (3) Shows daily changes in the total cluster cost.
    Node pool and virtual node costs (4) Shows the cost of each node pool or virtual node in the cluster.
    Namespace real-time estimated cost trends (5) Shows how estimated namespace costs change over time. Calculated using: Σ (Pod resource request / Node capacity) × Node unit price. To get the allocated cost, multiply the total cluster cost by the namespace's cost ratio.
    Cluster resource request and utilization (6) Helps you analyze resource watermarks and identify waste. Y-axis: total allocatable resources in the cluster. Green column: resources requested within the current hour. Yellow column: actual resource usage within the current hour. Resources allocated but unused = Green column − Yellow column. Allocatable cluster resources = Y-axis − Green column. Use these metrics to: avoid wasting unallocated resources (keep ~20% unallocated as a buffer and adjust pod resource requests or downgrade instances as needed); reduce allocated-but-unused waste (identify pods with excessive requests using namespace-level stats, then adjust accordingly); right-size for periodic workloads (use watermark trends to resize cluster capacity and configure scaling policies).
    Cluster billing details (7) and (8) Daily billing records organized by cloud resource type or instance.

    Set custom pricing for on-premises nodes

    By default, cost insights calculates on-premises node and application costs at CNY 0.2/vCore hour. Two configuration options let you override this default.

    Option 1: Set a uniform price for all on-premises nodes

    Add the DefaultIDCPricePerCPUCoreHour environment variable to the ack-cost-exporter Deployment in the kube-system namespace. The unit is CNY/vCore hour.

    env:
# Set the CPU unit price to CNY 0.3/vCore hour.
- name: DefaultIDCPricePerCPUCoreHour
  value: "0.3"

    Option 2: Set a price for a specific node

    Add the node.kubernetes.io/price-per-day label to a node. The unit is CNY/day. The following command sets the price for a node to CNY 100/day:

    kubectl label nodes <node-name> node.kubernetes.io/price-per-day="100"

    FAQ

    Why is no data displayed after I enable cost analysis?

    Check whether you completed RAM role authorization — this is the most common cause. Monitoring data starts collecting within 3 minutes of enabling cost insights, but billing data only appears at 08:00:00 (UTC+8) the following day. Also verify that your cluster has internet access via a NAT gateway or equivalent, as some regions require it to query billing data.

    Why does the cost of a namespace differ from the actual bill amount?

    Namespace costs are estimates based on list prices, not actual charges. Discounts, vouchers, and cost savings plans reduce your actual cluster bill but are not reflected in the per-namespace estimate. To get a closer approximation of actual namespace cost, multiply your actual cluster bill by the namespace's cost ratio.

    Why is pod cost data missing for some nodes?

    The RAM role is likely missing the ecs:DescribeDisks permission. Verify the permission policy includes it. See Step 1 in the Enable cost insights topic.

    Why does the bill not show all cloud services used by my cluster?

    Cost analysis only collects data for cloud resources exclusively tied to your cluster, identified by the tag ack.aliyun.com:{{ClusterId}}. Resources shared across multiple clusters are not tracked. If the tag was disabled, re-enable both ack.aliyun.com and ack.alibabacloud.com/nodepool-id on the Cost allocation tags page of the Expenses and Costs console.

    Why is the monthly or weekly spending lower than expected?

    Cost data is only collected from the date you enabled cost insights. Historical billing data from before that date is not included in the calculations.