The $180,000 Kubernetes Mistake
The story of swapping a proposed EKS cluster for AWS Fargate at a fintech — saving $180k/year and shrinking the audit surface.
A fintech client came to me with an architecture proposal: a multi-AZ EKS cluster, Istio service mesh, ArgoCD, Prometheus, Loki, Karpenter, the works. For four microservices doing roughly 30 requests per second at peak.
Annual cost projection: $220k. Annual cost after redesign: $40k. Same SLOs, half the people needed to operate it, and a smaller SOC2 surface.
Why "complex = secure" is a lie
Every component in your stack is something the auditor needs to see hardened, patched, and access-controlled. An EKS cluster pulls in:
- Cluster IAM, OIDC provider, IRSA roles per service
- A CNI you have to upgrade in lockstep with k8s minors
- Admission controllers, network policies, PSPs/PSAs
- A control plane that is yours to patch CVEs on
vs. ECS Fargate with the same four services:
- One task role per service
- A managed control plane AWS patches for you
- VPC + ALB, both well-understood
Fewer moving parts, fewer findings.
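To make "one task role per service" concrete, here is an added Terraform example (not from the original post or the client's code base) for a single hypothetical service named "payments": the task role is scoped to exactly one secret, and the execution role that pulls the image and ships logs is a separate principal, so the application never inherits it. The variable names and the secret ARN are assumptions.

```hcl
# Shared trust policy: only the ECS tasks service may assume these roles.
data "aws_iam_policy_document" "ecs_tasks_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ecs-tasks.amazonaws.com"]
    }
  }
}
variable "payments_image" { type = string }      # assumed: container image URI
variable "payments_secret_arn" { type = string } # assumed: the one secret this service may read

# Task role: what the application code may call at runtime. Scoped to one secret.
resource "aws_iam_role" "payments_task" {
  name               = "payments-task-role"
  assume_role_policy = data.aws_iam_policy_document.ecs_tasks_assume.json
}
resource "aws_iam_role_policy" "payments_task" {
  name = "payments-task-policy"
  role = aws_iam_role.payments_task.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["secretsmanager:GetSecretValue"]
      Resource = var.payments_secret_arn
    }]
  })
}

# Execution role: what the ECS agent needs to start the task (pull image, ship logs).
resource "aws_iam_role" "payments_execution" {
  name               = "payments-execution-role"
  assume_role_policy = data.aws_iam_policy_document.ecs_tasks_assume.json
}
resource "aws_iam_role_policy_attachment" "payments_execution" {
  role       = aws_iam_role.payments_execution.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
}

# The task definition binds the two roles; repeat this module per service, never share a task role.
resource "aws_ecs_task_definition" "payments" {
  family                   = "payments"
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  cpu                      = "256"
  memory                   = "512"
  execution_role_arn       = aws_iam_role.payments_execution.arn
  task_role_arn            = aws_iam_role.payments_task.arn
  container_definitions    = jsonencode([{ name = "payments", image = var.payments_image, essential = true }])
}
```

The audit artefact this produces is one role with one statement per service, which is what an assessor can read in minutes rather than tracing IRSA bindings, service accounts and admission policies.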
When Kubernetes is the right answer
I'm not anti-k8s. It's the right tool when you have:
- Dozens to hundreds of services
- A platform team of >3 humans
- Workloads that genuinely need pod-level scheduling primitives
If you have four services and two ops engineers, Fargate or App Runner will outperform k8s on every metric that matters to the business: cost, time-to-recover, audit hours.
The general principle
Complexity is a tax paid in three currencies: dollars, people-hours, and security exposure. Pay it only when the simpler thing genuinely cannot do the job.