Cloud Architecture

The $180,000 Kubernetes Mistake

The story of swapping a proposed EKS cluster for AWS Fargate at a fintech — saving $180k/year and shrinking the audit surface.

·2 min read·
#Kubernetes#Fargate#CostOptimization#Fintech

A fintech client came to me with an architecture proposal: a multi-AZ EKS cluster, Istio service mesh, ArgoCD, Prometheus, Loki, Karpenter, the works. For four microservices doing roughly 30 requests per second at peak.

Annual cost projection: $220k. Annual cost after redesign: $40k. Same SLOs, half the people needed to operate it, and a smaller SOC2 surface.

Why "complex = secure" is a lie

Every component in your stack is something the auditor needs to see hardened, patched, and access-controlled. An EKS cluster pulls in:

  • Cluster IAM, OIDC provider, IRSA roles per service
  • A CNI you have to upgrade in lockstep with k8s minors
  • Admission controllers, network policies, PSPs/PSAs
  • A control plane that is yours to patch CVEs on

vs. ECS Fargate with the same four services:

  • One task role per service
  • A managed control plane AWS patches for you
  • VPC + ALB, both well-understood

Fewer moving parts, fewer findings.

When Kubernetes is the right answer

I'm not anti-k8s. It's the right tool when you have:

  • Dozens to hundreds of services
  • A platform team of >3 humans
  • Workloads that genuinely need pod-level scheduling primitives

If you have four services and two ops engineers, Fargate or App Runner will outperform k8s on every metric that matters to the business: cost, time-to-recover, audit hours.

The decision rule

Choose the smallest platform that meets the business requirement. If you need a managed container runtime, start with AWS Fargate and prove why it is not enough before adding a cluster, ingress stack, and platform team backlog.

The same rule applies to security. A simpler platform with clear IAM, logs, and rollback often produces better evidence than a complex platform nobody fully owns. Complexity is not a maturity signal. Operability is.

The general principle

Complexity is a tax paid in three currencies: dollars, people-hours, and security exposure. Pay it only when the simpler thing genuinely cannot do the job.

Closing thought

The right platform is the one your team can run on its worst day. If a two-person ops crew can keep Fargate green at 3am during an incident, that is the maturity signal — not the number of CRDs in your cluster. Match platform complexity to operating capacity, not to architectural ambition.

Quick decision checklist

  • Fewer than 10 services? Default to Fargate, App Runner, or Cloud Run.
  • No dedicated platform team? Avoid self-managed Kubernetes.
  • Compliance scope tight? Prefer managed runtimes with smaller audit surface.
  • Already on Kubernetes and struggling? Cost out a migration honestly — six months of platform pain often pays back in twelve.
Public profile lookup

Ask AI About the Author

Open this query in ChatGPT, Claude, or Perplexity.

Comments

Comments are open to confirmed email subscribers. Use the email you subscribed with. To edit a comment, delete it and post a new one.

0/2000
Verify:

    Get new field notes by email

    Field notes from someone who ships before they write about it. Sovereign AI, AI-SDLC, DevOps, and what 59 production deployments teach you. No spam. Unsubscribe anytime.

    Related field notes