The True Cost of Running Kubernetes in Production (and When It's Not Worth It)
A detailed cost breakdown of running Kubernetes in production including hidden costs like platform teams, monitoring, security, and node overhead — with guidance on when simpler alternatives win.
The Kubernetes pricing page for any cloud provider shows a modest management fee. Azure charges EUR 0.10/hour for AKS. Google charges nothing for GKE standard. AWS charges USD 0.10/hour for EKS. These numbers create a dangerous illusion: that Kubernetes is cheap.
In reality, the management fee is 1-2 % of the total cost of running Kubernetes in production. The rest — platform engineering, monitoring, security, networking, node overhead, and the organisational cost of complexity — is rarely calculated before adoption. This article provides an honest total cost model and clear guidance on when Kubernetes is justified and when simpler alternatives deliver better outcomes.
The Total Cost Model
We have built this model from dozens of enterprise Kubernetes deployments. All figures are based on the German/EU market and Azure pricing as of 2026.
Scenario: Mid-size enterprise application platform
- 3 AKS clusters (production, staging, development)
- 20 microservices in production
- 50 developers deploying to the platform
- Typical European enterprise compliance requirements
Cost breakdown
| Cost Category | Monthly (EUR) | Annual (EUR) | % of Total |
|---|---|---|---|
| AKS cluster fees (3 clusters) | 219 | 2,628 | 1.2 % |
| Compute nodes (production) | 2,700 | 32,400 | 14.5 % |
| Compute nodes (staging) | 900 | 10,800 | 4.8 % |
| Compute nodes (development) | 600 | 7,200 | 3.2 % |
| Load balancers (3 clusters) | 54 | 648 | 0.3 % |
| Managed disks (OS + persistent) | 180 | 2,160 | 1.0 % |
| Egress traffic | 350 | 4,200 | 1.9 % |
| Container registry (Premium) | 150 | 1,800 | 0.8 % |
| Log Analytics | 400 | 4,800 | 2.1 % |
| Defender for Containers | 225 | 2,700 | 1.2 % |
| Key Vault (secrets) | 20 | 240 | 0.1 % |
| Monitoring stack (Prometheus/Grafana) | 300 | 3,600 | 1.6 % |
| Platform team (2.5 FTE) | 12,500 | 150,000 | 67.2 % |
| Total | 18,598 | 223,176 | 100 % |
The cluster management fee is EUR 219/month. The total cost is EUR 18,598/month. Platform team salaries represent 67 % of the total cost.
What the platform team actually does
The 2.5 FTE is not arbitrary. Here is what a production Kubernetes platform requires:
Senior Platform Engineer (1.0 FTE):
- Cluster upgrades and patch management (Kubernetes releases every 4 months)
- Network architecture and troubleshooting
- Security hardening and incident response
- Capacity planning and cost optimisation
- On-call rotation (shared)
Mid-Level Platform Engineer (1.0 FTE):
- CI/CD pipeline maintenance and developer support
- Monitoring and alerting configuration
- Helm chart and Kustomize template management
- Namespace and RBAC management
- On-call rotation (shared)
Part-Time Security/Compliance (0.5 FTE):
- Container image scanning and vulnerability management
- Policy enforcement (OPA/Gatekeeper, Kyverno)
- Compliance audit preparation
- Security baseline maintenance
Hiring these engineers in the German market is difficult and expensive. Senior Kubernetes engineers command EUR 90,000-130,000 in salary. The 3-6 month lead time to hire compounds the problem.
Hidden Cost Deep Dive
Node overhead: 15-25 % of capacity
Every Kubernetes node reserves resources for system components: the kubelet, the container runtime, OS daemons, and eviction thresholds. On a Standard_D4s_v5 (4 vCPUs, 16 GB RAM), expect roughly 0.5-0.7 vCPUs and 2-3 GB of RAM to be reserved, leaving noticeably less than the sheet capacity for your workloads.
On a 10-node cluster, you are paying for 40 vCPUs but only getting 33 vCPUs of usable capacity. That is EUR 500-700/month in wasted compute.
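You can see the reservation directly by comparing each node's raw capacity with its allocatable resources. A minimal sketch, assuming kubectl is configured against your cluster (the command is skipped where it is not available):

```shell
# Compare capacity vs allocatable per node; the gap is the system reservation.
if command -v kubectl >/dev/null 2>&1; then
  kubectl get nodes -o custom-columns='NAME:.metadata.name,CPU:.status.capacity.cpu,CPU_ALLOC:.status.allocatable.cpu,MEM:.status.capacity.memory,MEM_ALLOC:.status.allocatable.memory' || true
fi

# The article's rough arithmetic: 10 nodes x 4 vCPUs paid for, ~3.3 usable each
PAID_VCPUS=$((10 * 4))
USABLE_VCPUS=33
echo "Paid: ${PAID_VCPUS} vCPUs, usable: ~${USABLE_VCPUS} vCPUs"
```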
Over-provisioning: The silent budget killer
Kubernetes best practice is to set resource requests and limits on every pod. In practice, most teams over-provision because:
- Fear of OOMKill: Developers set memory limits 2-3x higher than actual usage
- CPU throttling avoidance: CPU requests are set high to guarantee performance
- No iterative tuning: Resources are set once and never adjusted
A typical cluster runs at 30-40 % actual utilisation against requested resources. This means 60-70 % of your compute budget is allocated but unused.
# Check actual vs requested resource utilisation
kubectl top pods --all-namespaces --sort-by=cpu | head -20
# VPA (Vertical Pod Autoscaler) recommendations
kubectl get vpa --all-namespaces -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.status.recommendation.containerRecommendations[*].target}{"\n"}{end}'
Networking costs that accumulate
| Component | Monthly Cost (EUR) | Notes |
|---|---|---|
| Standard Load Balancer | 18 per LB | Each Service of type LoadBalancer creates one |
| Public IP addresses | 3.60 per IP | Static IPs for ingress |
| Egress (inter-region) | 0.02/GB | Adds up with microservice cross-region calls |
| Egress (internet) | 0.05-0.087/GB | API responses, webhook deliveries |
| Private endpoint | 7.30 per endpoint | For each PaaS service accessed privately |
| Azure Firewall (if used) | 912 | Significant cost if centralised |
| VNet peering | 0.01/GB per direction | Hub-spoke adds per-GB cost |
A common mistake: creating a Kubernetes Service of type LoadBalancer for every microservice. With 20 microservices, that is 20 load balancers at EUR 18 each = EUR 360/month. Use an ingress controller (one load balancer) instead.
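To check whether your cluster has fallen into this pattern, count the LoadBalancer-type Services. A quick sketch, assuming kubectl access; the EUR figures reuse the table above:

```shell
# Count Services of type LoadBalancer across all namespaces.
if command -v kubectl >/dev/null 2>&1; then
  kubectl get svc --all-namespaces --no-headers | grep -c ' LoadBalancer ' || true
fi

# Cost of the anti-pattern at the article's rate of EUR 18 per load balancer:
LB_COUNT=20
MONTHLY_COST=$((LB_COUNT * 18))
echo "EUR ${MONTHLY_COST}/month"
```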
Monitoring and observability
Production Kubernetes generates enormous volumes of logs, metrics, and traces, and the monitoring stack itself becomes a significant cost. Whether you run a self-managed Prometheus/Grafana stack, rely on Azure Monitor and Log Analytics, or buy a commercial SaaS, the options converge around EUR 1,200-1,500/month for a modest cluster. This is rarely budgeted during the "let's adopt Kubernetes" phase.
Security tooling
| Tool | Purpose | Monthly Cost (EUR) |
|---|---|---|
| Defender for Containers | Runtime threat detection | 75 per cluster |
| Trivy/Snyk | Container image scanning | 0-500 (varies) |
| OPA Gatekeeper / Kyverno | Policy enforcement | 0 (OSS) + engineer time |
| Falco | Runtime security monitoring | 0 (OSS) + engineer time |
| Sealed Secrets / External Secrets | Secret management | 0 (OSS) + engineer time |
The open-source tools are "free" but require engineering time to deploy, configure, maintain, and upgrade. Budget 0.3-0.5 FTE for security tooling maintenance.
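That hidden engineer time can be made visible with the article's own figures: EUR 12,500/month for 2.5 FTE works out to EUR 5,000 per FTE per month. A small sketch; the Trivy invocation and image name are illustrative, not from the original:

```shell
# Typical OSS scanning step: report HIGH/CRITICAL CVEs for an image.
# (Image name is a placeholder; skipped where trivy is not installed.)
if command -v trivy >/dev/null 2>&1; then
  trivy image --severity HIGH,CRITICAL myregistry.azurecr.io/payments-api:1.4.2 || true
fi

# The real cost of "free" tooling: 0.3-0.5 FTE at EUR 5,000 per FTE per month
FTE_RATE=5000
LOW=$((FTE_RATE * 3 / 10))
HIGH=$((FTE_RATE * 5 / 10))
echo "Maintenance cost: EUR ${LOW}-${HIGH}/month"
```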
When AKS Is Justified
AKS earns its cost when:
- You have 15+ microservices and the organisational complexity warrants a dedicated platform
- You need Kubernetes-specific features: custom operators, CRDs, service meshes, GPU node pools, DaemonSets
- You already have a platform team (or are building one for other reasons)
- Multi-cluster, multi-region deployments are required for DR or global distribution
- Compliance frameworks require infrastructure-level control (node OS hardening, CIS benchmarks, audit logs)
- Developer velocity justifies the investment: If 50+ developers deploy daily and a platform team improves their productivity by even 10 %, the ROI is clear
When Container Apps or App Service Wins
Azure Container Apps
Container Apps is the right choice when you want containers without Kubernetes:
- 3-15 microservices
- No custom operators or CRDs needed
- Dapr for service-to-service communication is sufficient
- Scale-to-zero is valuable (dev/test environments, low-traffic services)
- No dedicated platform team available
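As a sketch of how little platform machinery this takes, a single service can be deployed with one CLI call. All resource and image names below are placeholders, and a Container Apps environment is assumed to exist already:

```shell
MIN_REPLICAS=0   # scale-to-zero: no compute billed while the service is idle
if command -v az >/dev/null 2>&1; then
  az containerapp create \
    --name orders-api \
    --resource-group rg-apps \
    --environment cae-demo \
    --image myregistry.azurecr.io/orders-api:1.0.0 \
    --min-replicas "$MIN_REPLICAS" \
    --max-replicas 5 \
    --cpu 0.5 --memory 1.0Gi || true
fi
```

There is no cluster to patch, no node pool to size, and no ingress controller to operate; that is where the 0.5 FTE figure in the comparison below comes from.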
Cost comparison for the same 20-microservice scenario on Container Apps:
| Cost Category | Monthly (EUR) |
|---|---|
| Container Apps compute | 800 |
| Container registry | 50 |
| Monitoring (Azure Monitor) | 300 |
| Egress | 200 |
| Platform engineer (0.5 FTE) | 2,500 |
| Total | 3,850 |
That is EUR 3,850/month versus EUR 18,598/month for AKS — a 79 % reduction, primarily from eliminating the need for a dedicated platform team.
Azure App Service
App Service is still a valid choice for:
- Traditional web applications (not microservices)
- .NET and Java applications with deployment slot requirements
- Teams familiar with PaaS who do not want containers
- Simple auto-scaling based on CPU/memory metrics
The "Kubernetes Resume-Driven Development" Problem
We need to address this honestly. A significant number of Kubernetes adoptions are driven by engineers who want Kubernetes experience on their CVs, not by workload requirements. Signs of resume-driven Kubernetes adoption:
- The team has 3-5 microservices but insists on AKS
- Nobody can articulate which Kubernetes features they need that Container Apps lacks
- The "platform team" is one engineer who also does application development
- The cluster runs at 20 % utilisation with no plan to grow
This is not a moral judgement — career development is a valid concern for engineers. But it should not be the primary driver of infrastructure decisions that cost the organisation EUR 200,000+/year.
Cost Optimisation for Existing AKS Deployments
If you are already running AKS and the cost is justified, optimise it:
1. Right-size node pools
# Export current node utilisation
kubectl top nodes --sort-by=cpu
kubectl top nodes --sort-by=memory
# Deploy VPA in recommendation mode
git clone https://github.com/kubernetes/autoscaler.git
cd autoscaler/vertical-pod-autoscaler
./hack/vpa-up.sh
2. Use spot node pools for fault-tolerant workloads
{
  name: 'spotpool'
  count: 3
  vmSize: 'Standard_D4s_v5'
  scaleSetPriority: 'Spot'
  spotMaxPrice: -1 // pay up to the on-demand price
  mode: 'User'
  nodeLabels: { 'kubernetes.azure.com/scalesetpriority': 'spot' }
  nodeTaints: [
    'kubernetes.azure.com/scalesetpriority=spot:NoSchedule'
  ]
}
Spot nodes provide 60-80 % discounts but can be evicted at any time. Use them for stateless workloads, batch processing, and development environments.
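If you manage node pools imperatively rather than through Bicep, the equivalent pool can be added with the Azure CLI. A sketch; the resource group and cluster names are placeholders:

```shell
SPOT_MAX_PRICE=-1   # -1 = pay up to the current on-demand price
if command -v az >/dev/null 2>&1; then
  az aks nodepool add \
    --resource-group rg-prod \
    --cluster-name aks-prod \
    --name spotpool \
    --priority Spot \
    --eviction-policy Delete \
    --spot-max-price "$SPOT_MAX_PRICE" \
    --node-count 3 \
    --node-vm-size Standard_D4s_v5 \
    --mode User || true
fi
```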
3. Scale down non-production clusters
# Scale dev cluster to zero at night (Azure CLI + cron)
az aks nodepool scale --resource-group rg-dev \
--cluster-name aks-dev --name workload --node-count 0
# Or use AKS stop/start for complete cluster hibernation
az aks stop --resource-group rg-dev --name aks-dev
4. Consolidate with namespace isolation
Three clusters (prod/staging/dev) cost 3x. Consider running staging and development in one cluster with namespace isolation and resource quotas:
apiVersion: v1
kind: ResourceQuota
metadata:
  name: staging-quota
  namespace: staging
spec:
  hard:
    requests.cpu: "8"
    requests.memory: 16Gi
    limits.cpu: "16"
    limits.memory: 32Gi
    pods: "50"
This reduces three clusters to two. You still pay for the consolidated workloads' capacity, but you drop the third cluster's management fee, system-node overhead, and idle headroom, which typically saves several hundred euros per month.
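After applying the quota, you can watch consumption against the hard limits. A sketch, assuming kubectl access to the consolidated cluster:

```shell
# Show used vs hard limits for the staging namespace's quota.
if command -v kubectl >/dev/null 2>&1; then
  kubectl describe resourcequota staging-quota --namespace staging || true
fi

# Consolidation arithmetic: three environments, two clusters.
CLUSTERS_BEFORE=3
CLUSTERS_AFTER=2
echo "Clusters removed: $((CLUSTERS_BEFORE - CLUSTERS_AFTER))"
```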
Making the Decision
The decision framework is straightforward:
| Question | If Yes | If No |
|---|---|---|
| Do you have or can you hire a platform team (2+ FTE)? | AKS is viable | Container Apps or App Service |
| Do you use Kubernetes-specific features? | AKS is necessary | Container Apps |
| Is your infrastructure budget > EUR 10,000/month? | AKS is affordable | Container Apps or App Service |
| Do you have 15+ containerised services? | AKS may be warranted | Container Apps |
| Are you running GPU workloads? | AKS is required | Container Apps |
If you answered "no" to most of these, Kubernetes is likely not worth the investment. Container Apps provides 80-90 % of the value at a fraction of the cost and operational burden.
Next Steps
Honesty about Kubernetes costs prevents budget surprises and organisational frustration. If you are evaluating Kubernetes adoption, already running it and questioning the ROI, or looking to optimise your existing AKS deployment, contact us at mbrahim@conceptualise.de. We help enterprises make compute platform decisions based on workload requirements and total cost — not on hype cycles.