Introduction to FinOps for Kubernetes: Challenges and Best Practices - Part II

Part 2 of our Introduction to FinOps for Kubernetes: Challenges and Best Practices article series, which outlines a comprehensive list of best practices aimed at implementing FinOps processes for cloud native Kubernetes environments.

Hasham Haider

July 2, 2021

This is part 2 of our Introduction to FinOps for Kubernetes: Challenges and Best Practices article series. In Part 1 we outlined some of the core challenges associated with implementing FinOps processes for cloud native Kubernetes environments. 

In this installment we will outline a comprehensive list of best practices aimed at implementing FinOps processes for cloud native Kubernetes environments. We will also outline how best to overcome the challenges that Kubernetes presents to the implementation of a cloud native FinOps framework. 

We will outline best practices based on the activities performed during each phase of the FinOps life cycle: inform, optimize and operate.

Let’s get started.

Use Kubernetes Labels to Implement a Comprehensive Tagging Strategy

Tagging is a central pillar of the inform phase of the FinOps framework. Tagging allows FinOps teams to allocate cloud and infrastructure costs to organizational groupings. This in turn enables unit economics - a FinOps concept which advocates tracking cloud and infrastructure costs in the context of their impact on previously identified business metrics for each custom organizational grouping.

A best practice in this context is for FinOps teams to develop a comprehensive Kubernetes labelling regime in consultation with Kubernetes administrators and Ops teams. This labelling regime should be based on the organizational groupings previously identified by the FinOps teams.

FinOps teams should also identify a set of required labels that need to be defined for every Kubernetes resource that is provisioned. To ensure required labels are applied to each new resource, Kubernetes administrators can use a ConstraintTemplate CRD in OPA Gatekeeper.

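The ConstraintTemplate defines the policy logic, and a Constraint created from it makes Gatekeeper's admission webhook reject resources that lack the requisite labels, so that only correctly labelled resources are provisioned.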

Identify Untagged Resources

Once a tagging strategy has been developed and implemented, the next step is to institute a regular process for identifying untagged resources. This ensures that any resources that slip past the Gatekeeper constraint are quickly identified and do not add headless costs that cannot be allocated.

Below are a couple of kubectl commands that FinOps teams and Kubernetes administrators can use to quickly identify untagged resources:

Find untagged nodes:

kubectl get nodes -o go-template='

Find untagged pods:

kubectl get pods --all-namespaces -o go-template=''

Once they are identified, a best practice is to find the team or business unit responsible for these resources and apply the relevant labels.
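One way to run this check for pods, as an added example that is not from the original article: the function below reads the output of kubectl get pods with --show-labels and reports every pod that lacks a required label key. The label keys team and cost-center and the sample rows are assumptions constructed for illustration.

```shell
# Added example: report pods that lack any of the required label keys.
# Input on stdin is the output of
#   kubectl get pods --all-namespaces --no-headers --show-labels
# where LABELS is the last column and reads "<none>" for an unlabelled pod.
find_unlabelled() {
  awk -v required="$1" '
    BEGIN { n = split(required, req, ",") }
    {
      split("", have)                      # reset the per-pod key set
      m = split($NF, kv, ",")
      for (i = 1; i <= m; i++) { split(kv[i], p, "="); have[p[1]] = 1 }
      missing = ""
      for (i = 1; i <= n; i++) {
        if (!(req[i] in have)) { missing = missing (missing ? "," : "") req[i] }
      }
      if (missing != "") { print $1 "/" $2 " missing=" missing }
    }'
}

# Constructed sample of kubectl output (not from a real cluster).
sample_pods() {
  cat <<'EOF'
shop      cart-7d9f   1/1   Running   0             3d   app=cart,cost-center=cc-101,team=shop
shop      mail-5c2a   1/1   Running   1 (2h ago)    3d   app=mail,team=shop
default   debug       1/1   Running   0             5m   <none>
EOF
}

# Against a live cluster:
#   kubectl get pods --all-namespaces --no-headers --show-labels \
#     | find_unlabelled team,cost-center
```

Because the labels are read from the last field, a RESTARTS value such as "1 (2h ago)" does not shift the result.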

Identify Out of Cluster Services and Allocate their Costs

Most Kubernetes applications leverage external services including cloud provider or other third party services. These services are usually referred to as out of cluster services, and the costs associated with them as out of cluster costs. 

For granular cost visibility and to ensure that business units are allocated the correct amount of costs, FinOps teams need to ensure that out of cluster costs are also allocated back to the team/organizational grouping that consumes those services.

Kubernetes and most cloud providers do not provide this functionality out of the box. A best practice is for FinOps teams to leverage tools like Replex, which support the allocation of out of cluster costs to Kubernetes clusters, namespaces, labels and so on.

Allocate Shared Costs

Shared costs make up a significant portion of overall Kubernetes costs. To ensure FinOps teams and other stakeholders have the most accurate view of costs, these shared costs need to be allocated equitably.

Shared costs are usually incurred as shared licensing, support and networking costs. Costs for out of cluster cloud or third party services also usually fall under this heading.

A best practice when allocating shared Kubernetes costs is to do it based on either a fixed, proportional or usage based approach. The decision to use any one of these approaches will also depend on the Kubernetes environment and the unique organizational groupings of the FinOps framework. 

Allocating shared costs is not an easy task in cloud environments. Kubernetes, with its shared resources model, introduces even more complexity. Tools like Replex allow seamless allocation of shared resource costs with their custom cost feature.
