By Hakan Akcan · Reepa Solutions
Few technologies divide opinion in the SME world as sharply as Kubernetes. On one side it promises standardisation, auto-scaling, declarative infrastructure, and a common language spoken by every modern cloud provider. On the other side, Kubernetes is one of the most complex platforms an IT team can operate — with its own learning curve, its own security challenges, and ongoing maintenance demands that overwhelm many smaller organisations. The right question is therefore not "Kubernetes yes or no" but: does this platform fit my application topology, my team size, and my real scaling requirements? This article frames that decision objectively, highlights common misguided investments, compares managed offerings against self-hosted distributions, and puts concrete numbers on the real operational and licensing costs of small and medium-sized clusters. For broader context, see our Cloud & DevOps Guide for SMEs.
Why Kubernetes Decisions Carry Board-Level Risk
Introducing Kubernetes touches three cost blocks simultaneously — infrastructure, personnel, and velocity. Adopt the platform too early and you build complexity without the matching benefit: a two-person IT team then spends several weeks each quarter on upgrades, certificate rotation, and CNI issues instead of productive development. Adopt it too late and you accumulate parallel "server islands" with bespoke scripts and inconsistent deployment paths — the time to put each new application into production grows from days to weeks.
Two regulatory levers add further weight. First, NIS2: many SMEs have been subject to expanded due-diligence obligations since October 2024, and a declarative platform with an audit trail significantly simplifies compliance evidence. Second, ISO 27001 in its 2022 edition with Control A.8.9 (Configuration Management) and A.8.32 (Change Management) — Kubernetes with GitOps delivers an auditable history by design that manually operated VM landscapes typically cannot provide. Both arguments favour the platform — but only if the team also operates it securely.
From our consulting practice we see three patterns where Kubernetes works well economically and three where it regularly goes wrong. The following sections explore these patterns in detail.
What Kubernetes Actually Solves in 2026
Kubernetes is a declarative orchestration platform for containers. Its core promise: you describe the desired target state in YAML, and the cluster ensures that state is reached and maintained — even when nodes fail or load increases. In 2026 the platform is mature: the core interfaces — CRI for container runtimes, CNI for networking, CSI for storage — are stable, the major distributions are certified, and the ecosystem of Helm, Argo CD, Cilium, Linkerd, and cert-manager covers almost all production requirements.
Specifically, Kubernetes solves four problems particularly well. First, standardisation: a hundred services from twenty teams look identical from an operational perspective — the same health checks, the same log paths, the same update strategy. Second, horizontal scaling: with cleanly built workloads, replicas grow and shrink automatically with load. Third, multi-environment management: staging, pre-prod, and production are namespaces or clusters whose configuration differences are minimal and version-controlled. Fourth, recoverability: a complete cluster rebuild from Git is achievable within a few hours when applications are cleanly described as Helm charts.
When Kubernetes Is Overkill
Three scenarios argue clearly against Kubernetes — even if the leadership team has heard about it and a competitor is marketing it:
- Single application without modularisationA single ERP, a single sales system, or a monolith without clear service boundaries gains little from Kubernetes. The added platform complexity delivers no measurable benefit, and the application is typically not designed for rolling updates or multiple replicas. Traditional VMs with backups and a reverse proxy are more cost-effective here.
- IT team of fewer than three peopleKubernetes requires ongoing attention — upgrades, patches, certificates, monitoring adjustments. When the entire IT team is fewer than three people and only one has platform experience, a single period of illness or holiday is a risk. At this scale, a Platform-as-a-Service such as Hetzner Cloud Apps, Render, or Fly.io is often the better choice.
- Low and very stable loadWhen the application has predictable, low traffic — typical internal tools, accounting systems, small vertical-market applications — there is no auto-scaling problem for Kubernetes to solve. A VM, a backup job, and a monitoring agent are sufficient.
In all three cases Kubernetes only becomes worthwhile when a second or third driver is added — such as the desire for developer self-service, an impending architectural modernisation into multiple services, or a concrete compliance audit that favours declarative platforms.
When Kubernetes Genuinely Makes Sense
Conversely, three scenarios exist where Kubernetes delivers clearly more value than it costs in complexity:
- Microservices or modular monolithWhen the application is split into at least five to ten independently deployable services, Kubernetes provides each service with the same standard framework — health, logs, updates, scaling. The platform overhead amortises quickly because every new team onboarding is faster.
- Multiple environments with frequent releasesStaging, pre-prod, production, and optionally per-pull-request test environments are virtually trivial in Kubernetes via namespaces. In a traditional VM world, every additional environment is a separate server blueprint with doubled maintenance effort.
- Traffic spikes with clear scaling requirementsSeasonal peaks (Black Friday, tax deadlines, school enrolments), event-driven loads, or asynchronous batch processing benefit strongly from the Horizontal Pod Autoscaler and Cluster Autoscaler. Here the scaling mechanism alone justifies the platform investment.
Request a Free Kubernetes Consultation
Considering whether to adopt Kubernetes or choose the right distribution and provider mix? We offer a complimentary 30-minute initial call — we assess architecture, team size, and real scaling requirements and give an honest recommendation with or without Kubernetes.
Request a free Kubernetes consultationManaged Kubernetes Compared
Once the decision to use Kubernetes has been made, the next question is provider selection. The market broadly divides into three camps: hyperscalers with global reach, European providers with a GDPR focus, and lean managed offerings for smaller clusters. The overview below categorises the main providers without detailed ranking — the choice depends on data residency, integration depth, and budget.
| Provider | Strengths | Typical fit | Control-plane price |
|---|---|---|---|
| Amazon EKS | Largest ecosystem, many integration modules, worldwide regions | Existing AWS landscape, international traffic | approx. €70/month per cluster |
| Microsoft AKS | Deep Azure AD integration, Windows workloads possible | Microsoft-aligned organisations, hybrid scenarios | €0 control plane, pay for nodes |
| Google GKE | Most mature auto-scaling and upgrade automation, Autopilot mode | Data-intensive workloads, machine-learning pipelines | approx. €70/month (except Autopilot) |
| OVHcloud Managed K8s | EU data residency, GDPR-compliant, transparent pricing | DACH companies with data-protection requirements | €0 control plane |
| Hetzner-managed (partner) | Affordable VMs, EU data residency, very cost-effective for small clusters | Startups, SMEs with tight budgets | varies by partner |
| Scaleway Kapsule | French provider, EU data residency, fair pricing | DACH/FR mid-market with moderate loads | €0 control plane |
For German SMEs with clear GDPR requirements, OVHcloud, Scaleway, and Hetzner-managed offerings are often the most cost-effective choice. Organisations already using AWS or Azure should stay with their hyperscaler — the integration with IAM, logging, and databases saves more effort than the control-plane fee costs.
Self-hosted Kubernetes — When It Makes Sense
Self-hosted is not a cost-cutting measure but an architectural decision. Three distributions are relevant for SMEs. kubeadm is the official upstream tool from the Kubernetes community, ideal for teams that want full control but are prepared to plan every upgrade step themselves. k3s from the SUSE ecosystem is a lightweight distribution that can replace etcd with SQLite and runs productively on small servers — the most common choice for SME edge or branch clusters. RKE2, also from SUSE, is the hardened variant with CIS-compliant defaults, suitable for regulated industries and near-government environments.
Self-hosted pays off when three conditions are met: the team has or is building internal platform expertise, data-residency requirements are specific enough that no managed provider fits, and the cluster is intended to operate long-term. For temporary setups or first steps into containers, managed is almost always the better choice. Anyone going self-hosted should also work with GitOps from day one — otherwise a hard-to-maintain combination of manual kubectl interventions and forgotten changes accumulates, one that cannot be reproduced reliably in a crisis.
Realistic Operational Overhead
An honest effort estimate is the most common gap in Kubernetes business cases. The table below summarises typical maintenance times — it is intended as a guide and varies by cluster size, applications, and compliance requirements.
| Task | Frequency | Managed | Self-hosted |
|---|---|---|---|
| Kubernetes minor upgrade | 3–4× per year | 0.5–1 day per cluster | 2–4 days per cluster |
| Node OS patches | monthly | automatic | 0.5–1 day per month |
| Certificate rotation | annually, automatic | automatic | 0.5 day |
| etcd backups + restore tests | monthly | automatic | 0.5–1 day per month |
| Critical security patches | ad hoc | 1–4 hrs response | 4–16 hrs response |
| Add-on maintenance (Ingress, CNI, cert-manager) | quarterly | 1 day per quarter | 2–3 days per quarter |
Over the course of a year, the self-hosted overhead for a medium-sized cluster typically adds up to 25 to 45 person-days — roughly 15 to 25 percent of a full-time position. With Managed Kubernetes this figure drops to 5 to 12 person-days per year. Anyone who underestimates this difference builds a seemingly cheap self-hosted setup on paper and discovers six months later that the team has been neglecting productive work.
Storage and Networking
Containers require persistent storage and a clearly defined network. Three standard interfaces shape the architecture. CSI (Container Storage Interface) connects block and file storage from cloud providers or on-premises systems. CNI (Container Network Interface) delivers the pod network — Cilium has been the de-facto choice since 2024 because it is eBPF-based, performant, and observable. Ingress controllers such as ingress-nginx, Traefik, or the newer Gateway API from Envoy handle the connection to external HTTP traffic.
Optionally, a service mesh is added — Linkerd for teams wanting a lean, secure mTLS layer, Istio for teams with high routing and observability requirements. For SME clusters, a solid ingress setup plus NetworkPolicies is often sufficient; a service mesh is typically introduced when multiple teams are running independent services in production and need a consistent security model. For more background on container runtime choices in a cluster, see our comparison Docker vs. Podman.
Helm and GitOps for Deployments
Helm is the established package manager for Kubernetes: each application is packaged as a chart — templates plus a values file — and installed or updated with a single operation. For internal applications, maintaining a private chart repository (for example an OCI registry path) is worthwhile; for external components a public chart pull is sufficient.
GitOps goes one step further: the desired cluster state lives in a Git repository, and a controller (Argo CD or Flux) continuously synchronises. The benefits are clear: every state change is a commit, rollbacks are a git revert, and new clusters are built by cloning the repository. For audit requirements this is a quantum leap over manual kubectl workflows. For a detailed comparison of GitOps tooling, see our article GitOps with Argo CD and Flux.
Security Inside the Cluster
Kubernetes security is a discipline of its own. Four layers are mandatory for SMEs — everything beyond is optional and risk-driven.
- Cleanly defined RBACRole-Based Access Control governs who can do what inside the cluster. The classic trap is "cluster-admin for all developers" — convenient, but fatal when a faulty script runs. A namespace-separated RBAC with service accounts per application and per-person roles per team is the minimum level of maturity.
- Pod Security StandardsSince Kubernetes 1.25, Pod Security Admission is the standard. Three profiles — privileged, baseline, restricted — cover the most important scenarios. Production namespaces should run restricted by default, with an explicit justification recorded for each exception.
- NetworkPolicies per namespaceDefault Kubernetes allows every pod to talk to every other pod. That is problematic in an incident. NetworkPolicies — best enforced via Cilium or Calico — restrict pod-to-pod traffic to what the application actually needs.
- Image scanning in the pipelineEvery container image should be scanned for known vulnerabilities before being pushed to the registry — Trivy and Grype are the established open-source tools; commercial alternatives include Aqua and Sysdig. Critical findings should fail the build; medium and low findings should be documented.
Teams that take observability seriously supplement these four layers with centralised audit logs and runtime anomaly detection. More on this in our article Observability Monitoring Stack.
Cost Examples for Small and Medium Clusters
Concrete numbers help drive the decision. The examples below show typical monthly costs for three cluster sizes — they are averages from real projects and include worker nodes, load balancers, storage, and data transfer, but not personnel overhead.
| Cluster size | Hetzner-managed/Scaleway | OVHcloud Managed | EKS/AKS/GKE |
|---|---|---|---|
| Small (3 nodes, 12 vCPU, 24 GB RAM) | €120–180 | €180–250 | €250–400 |
| Medium (6 nodes, 24 vCPU, 48 GB RAM) | €250–380 | €380–550 | €500–800 |
| Larger (12 nodes, 48 vCPU, 96 GB RAM) | €500–750 | €750–1,100 | €1,000–1,800 |
Hyperscaler prices often include data-transfer costs that are significantly lower or flat-rate with European providers — for high-traffic workloads the EU option is noticeably cheaper in practice. Self-hosted on Hetzner Dedicated can come in another 30 to 50 percent below the managed figures, but incurs the additional person-days documented above.
Reepa Kubernetes Coaching
We support SME teams through two models. First, the architecture initial consultation: a 90-minute session with an architecture review, provider recommendation, and an honest cost framework — including the conclusion "you don't need Kubernetes" when that is the right answer. Second, a multi-week coaching engagement in which we build a first production cluster together with the team, introduce GitOps, configure the security layers, and prepare the internal team for ongoing operations. We deliberately do not install a black-box platform but instead deliver documented, reproducible building blocks that the team can maintain independently over the long term.
Frequently Asked Questions
Is Kubernetes worth it for a company with 50 employees?
In most cases, no. If a company runs one or two core applications, has a small IT team, and doesn't face extreme traffic spikes, Kubernetes is usually overkill. Better options are Docker Compose on one or two robust servers, a Platform-as-a-Service like Hetzner Cloud Apps, or traditional VMs with systemd. Kubernetes only pays off when multiple teams work in parallel on multiple services and platform standardisation saves meaningful effort.
Managed Kubernetes or Self-hosted — which is cheaper?
Looking purely at the invoice, self-hosted is usually cheaper because the hyperscaler control-plane fee disappears. Once you factor in the real personnel time for patches, upgrades, etcd backups, certificate rotation, and incident response, the picture flips for most SMEs — Managed Kubernetes from OVHcloud, Hetzner-managed, Scaleway, or the major hyperscalers is cheaper as soon as you want to avoid a full-time position's worth of operational overhead.
What is the difference between k3s and full Kubernetes?
k3s is a lightweight Kubernetes distribution from SUSE that omits many optional components and replaces etcd with SQLite by default. Functionally k3s is a certified Kubernetes and is fully sufficient for many SME clusters. The advantage is a drastically reduced memory and maintenance footprint — k3s runs on a server with 4 GB RAM. Full Kubernetes pays off when you need multiple control-plane nodes, a high-availability etcd cluster, or specific enterprise features.
How much does a production Kubernetes cluster cost per month?
A small managed cluster at Hetzner-managed or OVHcloud with three worker nodes starts at around 120 to 250 euros per month. Comparable clusters on EKS, AKS, or GKE cost between 250 and 600 euros per month because the approximately 70-euro control-plane fee is joined by higher VM hours and data-transfer costs. Self-hosted on your own Hetzner Dedicated servers is possible from 80 to 150 euros per month, but the personnel overhead is additional.
Do I need GitOps or is classic deployment sufficient?
From two environments — staging and production — and more than three applications, GitOps is almost always worthwhile. Argo CD or Flux ensure the cluster state is reproducibly documented in the Git repo, rollbacks work via git revert, and audit requirements such as ISO 27001 are met with minimal additional effort. For a single service with no compliance requirements, a simple Helm push from the CI pipeline is sufficient.
Ready for an Honest Kubernetes Decision?
Let's talk for 30 minutes, no strings attached. We assess architecture, team size, and scaling requirements, give an honest recommendation with or without Kubernetes, and provide a realistic roadmap — including provider selection and cost framework.
Schedule a 30-minute call
IT security and cloud architect with more than ten years of experience. Supports SME teams in building container platforms, GitOps workflows, and cloud migration projects. Writes regularly about Kubernetes, DevOps, and cloud architecture.
Reviewed: 22 May 2026 · More about Hakan