Key takeaways

  • Kubernetes bills balloon because the two numbers that drive them, pod requests and idle node capacity, are invisible by default. You pay for reserved capacity, not usage.
  • FinOps is a loop, not a project: Inform (make spend visible per team), Optimize (rightsize, spot, autoscale), Operate (keep it from drifting back).
  • The biggest single lever is rightsizing. Cast AI’s 2026 report puts CPU overprovisioning near 69% — most of that is pure waste.
  • Spot plus autoscaling takes 70–90% off the compute bill for the right workloads; governance-as-code stops savings from eroding the moment attention moves on.
  • Teams without a FinOps practice waste an estimated 32–40% of cloud spend; mature teams pull that down to 15–20%.

Kubernetes made compute elastic. It also made the bill opaque. A cluster will happily schedule pods that ask for eight times the CPU they use, keep half-empty nodes running through the night, and never once tell finance which team is responsible. The result is a line item that grows faster than traffic, and a quarterly conversation nobody enjoys.

This is not a tooling gap you buy your way out of. It’s a discipline: FinOps applied to the specific mechanics of Kubernetes. According to CNCF’s FinOps for Kubernetes research, 68% of organizations saw their Kubernetes costs rise, with roughly half reporting increases above 20%. The teams that reverse this don’t find a magic dashboard. They make spend visible, act on the waste, and build guardrails so it stays gone.

Why the Kubernetes bill is invisible by default

You are billed for capacity you reserve, not capacity you use. A pod’s resources.requests reserves CPU and memory on a node whether the workload touches them or not. Set those requests as a comfortable safety margin, multiply across hundreds of pods, and the scheduler packs nodes around numbers that have little to do with reality. The gap between requested and used is the waste, and nothing in a default cluster surfaces it.

The second invisible number is idle node capacity. When requests are inflated, the scheduler can’t bin-pack tightly, so you run more nodes than the real workload needs. Each node is a full instance on the bill. Neither of these shows up in a cloud provider’s invoice, which reports instances and disks, not namespaces and teams. That accounting mismatch is the core problem: the cloud bill speaks the language of infrastructure, while your cost owners think in the language of applications.

FinOps is a loop, not a one-off cleanup

FinOps, as defined by the FinOps Foundation, runs on three phases that repeat: Inform, Optimize, Operate. Inform is visibility: allocate spend to the teams and applications that generate it, so cost has an owner. Optimize is action: rightsize requests, move fault-tolerant work to spot, eliminate idle resources, apply commitment discounts. Operate is durability: track cost against business goals continuously so the savings don’t decay.

Most cost-cutting efforts fail because they stop after a single Optimize pass. Someone spends a sprint rightsizing, the graph dips, and six months later it’s back where it started because nothing changed the behavior that created the waste. The loop is the point. A one-time cleanup is a snapshot; FinOps is the practice that holds the line.

Rightsizing: stop paying for requests you don’t use

Rightsizing is the highest-leverage move available, because overprovisioned requests are the root of both invisible costs. Cast AI’s 2026 Kubernetes cost report found CPU overprovisioning reached roughly 69% across the clusters it analyzed: for every three cores reserved, two sit idle and billed. Bring requests down toward real usage and two things happen at once: the reservation waste disappears, and the scheduler bin-packs onto fewer nodes.

The mechanism is straightforward but easy to get wrong by hand. The Vertical Pod Autoscaler observes actual consumption and recommends requests from data instead of a nervous guess. Run it in recommendation mode first, read the numbers, then apply. Set requests to the workload’s real steady-state, keep limits sane to protect noisy neighbors, and revisit as traffic patterns shift. This is unglamorous work, and it is where most of the money is.

Spot and autoscaling: 70–90% off the right workloads

Spot instances deliver the largest per-unit discount in the cloud, typically 70–90% below on-demand, and in 2026 the interruption handling is mature enough to use in production. The catch is that the provider can reclaim the capacity on short notice, so spot is for work that tolerates a node vanishing: stateless services behind a load balancer, batch and CI, anything that reschedules cleanly. Stateful singletons and latency-critical paths stay on-demand.

The tool that makes this practical is a workload-aware autoscaler. Karpenter provisions nodes to fit pending pods, mixes spot and on-demand by policy, and drains interrupted nodes gracefully so a reclaim is a non-event rather than an incident. Pair spot with tight requests and you compound the wins: fewer nodes, and each node far cheaper. This is the combination that turns a scary bill into a boring one.

Governance as code: keep the savings from drifting back

Optimization erodes the moment attention moves on, unless the guardrails live in the cluster. This is where policy engines earn their place: Kyverno and Open Policy Agent let you encode cost rules as admission policy, so the cluster refuses waste before it’s ever scheduled. Reject pods with no requests, cap oversized requests, block workloads that ask for a whole node’s worth of memory without justification, require the cost-center label that makes allocation possible.

The shift is from cleanup to prevention. A rightsizing sprint fixes yesterday’s waste; an admission policy stops tomorrow’s from being created. Policy-as-code is also what lets a small platform team hold the line across dozens of clusters and hundreds of developers without becoming a manual gate. The guardrail runs on every apply, forever, and never gets tired.

The metrics that actually move the bill

Total cloud spend is a lagging number that tells you nothing actionable. The metrics that drive decisions are cost per namespace, cost per application, CPU and memory utilization, and idle-resource percentage. Cost per namespace gives waste an owner. Utilization tells you whether requests match reality. Idle percentage is the headroom you’re paying for and not using.

OpenCost, a CNCF project, allocates real cloud spend down to the namespace, controller, and pod, translating the infrastructure invoice into the application language your teams think in. That translation is the whole game. Once a team can see its own number and is measured against it, behavior changes without anyone issuing a mandate. Visibility with ownership does more than any single optimization, because it makes the optimization someone’s job.

Where teams get stuck

The pattern we see repeatedly: a team knows the bill is too high, runs one heroic rightsizing pass, saves 30% for a quarter, and watches it climb back because nothing operationalized the discipline. The gap is rarely knowledge of what to do. It’s the wiring that makes it durable: allocation every team trusts, autoscaling and spot configured for the actual workload mix, and policy that holds the line without a human in the loop.

That wiring is platform engineering work, and it’s what we build. We treat cost as a property of the platform, reconciled continuously alongside reliability and security, not a spreadsheet someone reconciles at quarter-end. The goal is a cluster where the cheap way and the right way are the same way, enforced by the system rather than by vigilance.

Straight answers

Frequently asked questions

What is Kubernetes FinOps?

Kubernetes FinOps is the practice of bringing engineering, finance, and operations together to manage the cost of running workloads on Kubernetes. It follows the FinOps Foundation's Inform, Optimize, Operate loop: make cluster spend visible per team and app, act on waste through rightsizing and spot, then run it continuously.

Why are Kubernetes costs so hard to control?

Because the two numbers that drive the bill, pod requests and idle node capacity, are invisible by default. A cluster charges you for reserved capacity, not usage, so overprovisioned requests and half-empty nodes quietly inflate spend. Without cost-per-namespace visibility, no one owns the waste.

What is rightsizing in Kubernetes?

Rightsizing is aligning a workload's CPU and memory requests with what it actually uses. Most teams set requests far above real usage as a safety margin; Cast AI's 2026 report found CPU overprovisioning near 69%. Tools like the Vertical Pod Autoscaler recommend requests from observed usage instead of guesses.

How much can spot instances save on Kubernetes?

Spot (or preemptible) instances typically cut compute cost by 70 to 90 percent versus on-demand. The trade-off is interruption: nodes can be reclaimed with short notice. Fault-tolerant, stateless, and batch workloads are the safe candidates, ideally scheduled by an autoscaler like Karpenter that handles interruptions gracefully.

What cost metrics should a Kubernetes team track?

Go beyond total cloud spend. Track cost per namespace, cost per application, CPU and memory utilization, and idle-resource percentage. These reveal where money goes and who owns it. Open-source OpenCost, a CNCF project, allocates spend down to the namespace and workload level.

Do we need a FinOps tool, or can we start with open source?

You can start with open source. OpenCost gives per-namespace allocation, Kyverno enforces cost guardrails as policy, and the Vertical Pod Autoscaler drives rightsizing. Commercial platforms add automation and multi-cluster reporting, but the discipline, not the tool, is what moves the bill.