This is part 2 of our Introduction to FinOps for Kubernetes: Challenges and Best Practices article series. In Part 1 we outlined some of the core challenges associated with implementing FinOps processes for cloud native Kubernetes environments.
In this installment we will outline a comprehensive list of best practices aimed at implementing FinOps processes for cloud native Kubernetes environments. We will also outline how best to overcome the challenges that Kubernetes presents to the implementation of a cloud native FinOps framework.
We will outline best practices based on the activities performed during each FinOps life cycle phase: inform, optimize and operate.
Let’s get started.
Use Kubernetes Labels to Implement a Comprehensive Tagging Strategy
Tagging is a central pillar of the inform phase of the FinOps framework. Tagging allows FinOps teams to allocate cloud and infrastructure costs to organizational groupings. This in turn enables unit economics - a FinOps concept which advocates tracking cloud and infrastructure costs in the context of their impact on previously identified business metrics for each custom organizational grouping.
A best practice in this context is for FinOps teams to develop a comprehensive Kubernetes labelling regime in consultation with Kubernetes administrators and Ops teams. This labelling regime should be based on the organizational groupings previously identified by the FinOps teams.
FinOps teams should also identify a set of required labels that need to be defined for every Kubernetes resource that is provisioned. To ensure required labels are applied to each new resource, Kubernetes administrators can use a ConstraintTemplate CRD in OPA Gatekeeper.
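Gatekeeper enforces the policy once a constraint based on that ConstraintTemplate has been created. From then on, its admission webhook rejects resources that lack the requisite labels, so only correctly labelled resources are provisioned.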
Identify Untagged Resources
Once a tagging strategy has been developed and implemented, the next step is to institute a regular process for identifying untagged resources. This ensures that any resources that slip past the ConstraintTemplate CRD are quickly identified and do not add headless costs that cannot be allocated.
Below are a couple of kubectl commands that FinOps teams and Kubernetes administrators can use to quickly identify untagged resources:
Find untagged nodes:
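kubectl get nodes -o go-template='{{range .items}}{{if not .metadata.labels}}{{.metadata.name}}{{"\n"}}{{end}}{{end}}'
Find untagged pods:
kubectl get pods --all-namespaces -o go-template='{{range .items}}{{if not .metadata.labels}}{{.metadata.namespace}}/{{.metadata.name}}{{"\n"}}{{end}}{{end}}'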
Once untagged resources have been found, a best practice is to identify the team or business unit responsible for them and apply the relevant labels.
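As an added example (not from the original article), the Python code below audits `kubectl get ... -o json` output for missing or empty required labels, the same condition the Gatekeeper policy described earlier enforces at admission. It also catches resources that carry some labels, such as the system-assigned labels on nodes, but not the required ones. The label keys in REQUIRED_LABELS and the sample pod list are assumptions constructed for illustration.

```python
import json

# Assumption: label keys the FinOps team has declared mandatory (hypothetical).
REQUIRED_LABELS = ("team", "cost-center", "environment")

# Constructed sample of `kubectl get pods --all-namespaces -o json` output.
SAMPLE = json.dumps({
    "kind": "List",
    "items": [
        {"kind": "Pod", "metadata": {"name": "api-7d9f", "namespace": "shop",
            "labels": {"team": "checkout", "cost-center": "cc-102",
                       "environment": "prod"}}},
        {"kind": "Pod", "metadata": {"name": "worker-x2", "namespace": "shop",
            "labels": {"app": "worker", "team": "checkout"}}},
        {"kind": "Pod", "metadata": {"name": "debug", "namespace": "default"}},
        {"kind": "Pod", "metadata": {"name": "cron-1", "namespace": "ops",
            "labels": {"team": "", "cost-center": "cc-300",
                       "environment": "dev"}}},
    ],
})


def audit_labels(kubectl_json, required=REQUIRED_LABELS):
    """Return {resource: [missing or empty required labels]} for non-compliant items."""
    findings = {}
    for item in json.loads(kubectl_json).get("items", []):
        meta = item.get("metadata", {})
        labels = meta.get("labels") or {}  # key is absent when no labels are set
        missing = [k for k in required if not str(labels.get(k, "")).strip()]
        if missing:
            ns = meta.get("namespace")     # nodes are cluster-scoped: no namespace
            prefix = f"{ns}/" if ns else ""
            findings[f"{item.get('kind', '?')}/{prefix}{meta.get('name')}"] = missing
    return findings


if __name__ == "__main__":
    for resource, missing in audit_labels(SAMPLE).items():
        print(f"{resource}: missing {', '.join(missing)}")
```

In a cluster, the input would come from piping `kubectl get pods --all-namespaces -o json` (or `kubectl get nodes -o json`) into the function instead of SAMPLE.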
Identify Out of Cluster Services and Allocate their Costs
Most Kubernetes applications leverage external services including cloud provider or other third party services. These services are usually referred to as out of cluster services, and the costs associated with them as out of cluster costs.
For granular cost visibility and to ensure that business units are allocated the correct amount of costs, FinOps teams need to ensure that out of cluster costs are also allocated back to the team/organizational grouping that consumes those services.
Kubernetes and most cloud providers do not provide this functionality out of the box. A best practice is for FinOps teams to leverage tools like Replex, which support the allocation of out of cluster costs to Kubernetes clusters, namespaces, labels and so on.
Allocate Shared Costs
Shared costs make up a significant portion of overall Kubernetes costs. To ensure FinOps teams and other stakeholders have the most accurate view of costs, these shared costs need to be allocated equitably.
Shared costs are usually incurred as shared licensing, support and networking costs. Costs for out of cluster cloud or third party services also usually fall under this heading.
A best practice when allocating shared Kubernetes costs is to do it based on either a fixed, proportional or usage based approach. The decision to use any one of these approaches will also depend on the Kubernetes environment and the unique organizational groupings of the FinOps framework.
Allocating shared costs is not an easy task in cloud environments, and Kubernetes, with its shared resources model, introduces even more complexity. Tools like Replex allow seamless allocation of shared resource costs through a custom cost feature.
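As an added example (not from the original article or from Replex), the Python code below splits one shared bill under each of the three approaches named above, keeping the shares exact to the cent so they always sum to the bill. It assumes that "fixed" means pre-agreed percentages, "proportional" means each team's share of directly attributed cost, and "usage based" means measured consumption of the shared service; the team names and figures are constructed.

```python
from decimal import Decimal, ROUND_DOWN

CENT = Decimal("0.01")


def split(total, weights):
    """Split `total` across keys in proportion to `weights`, exact to the cent."""
    total = Decimal(str(total))
    weight_sum = sum(Decimal(str(w)) for w in weights.values())
    if weight_sum <= 0:
        raise ValueError("weights must sum to a positive value")
    raw = {k: total * Decimal(str(w)) / weight_sum for k, w in weights.items()}
    shares = {k: v.quantize(CENT, rounding=ROUND_DOWN) for k, v in raw.items()}
    # Hand leftover cents to the largest remainders so shares sum to total.
    leftover = int((total - sum(shares.values())) / CENT)
    by_remainder = sorted(raw, key=lambda k: raw[k] - shares[k], reverse=True)
    for k in by_remainder[:leftover]:
        shares[k] += CENT
    return shares


# Constructed inputs (assumptions): team names and figures are illustrative.
FIXED_PCT = {"checkout": 50, "search": 30, "platform": 20}          # agreed up front
DIRECT_COST = {"checkout": 6000, "search": 3000, "platform": 1000}  # labelled spend
USAGE_GB = {"checkout": 120, "search": 450, "platform": 30}         # measured usage


def compare_approaches(shared_total):
    """Allocate one shared bill under each of the three approaches."""
    return {
        "fixed": split(shared_total, FIXED_PCT),
        "proportional": split(shared_total, DIRECT_COST),
        "usage": split(shared_total, USAGE_GB),
    }


if __name__ == "__main__":
    for approach, shares in compare_approaches("1000.00").items():
        print(approach, {team: str(amount) for team, amount in shares.items()})
```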