Cloud Cost Automation December 19, 2025 • 6 min read
K8s Rightsizing: Automating Requests and Limits Based on Real Usage
This blog tackles the "Goldilocks" problem of Kubernetes resource limits. It explains why manual guessing leads to 40% waste and details an automated rightsizing strategy using historical usage data (P99), VPA logic, and Atler Pilot for financial validation.
Shivani Singh
Shivani Singh
Cloud Engineering
K8s Rightsizing: Automating Requests and Limits Based on Real Usage

 There is a specific, cold sweat that every Kubernetes developer knows. It happens when you are writing a deployment manifest, and you reach the resources section. You stare at the blinking cursor next to memory: request:, and you have to make a decision. 

If you guess too low, the application crashes with an OOMKilled error at 3 AM. If you guess too high, the application runs fine, but your CFO eventually sends a frantic email asking why the cloud bill has doubled while traffic stayed flat. 

Most developers choose safety. They double the memory they think they need, and then add a little extra "just in case." This creates a massive, invisible layer of financial waste. According to a 2025 analysis by Harness, this behavior contributes to a staggering $44.5 billion in cloud waste, with the average Kubernetes cluster utilizing just 10% of its provisioned CPU. 

This isn't an infrastructure problem. It’s an automation problem. In a dynamic environment, humans cannot accurately predict resource needs for hundreds of microservices. It is time to stop guessing and start rightsizing based on math, not fear. 

The "Slack" Problem: Why You Are Paying for Air? 

To understand Kubernetes Cost Automation, you have to understand the gap between provisioned and consumed resources. 

Kubernetes scheduling relies on Requests, not usage. If you request 4GB of RAM for a pod, the scheduler reserves that space on a node. Even if the pod only uses 500MB, the other 3.5GB is "stranded." It cannot be used by other pods. You are paying for that 3.5GB as if it were fully utilized. 

This gap is called "Slack," and in most enterprise clusters, Slack accounts for 50% to 70% of total compute spend. The problem is exacerbated by the "set it and forget it" mentality. A developer might set a high limit during a launch (when traffic is unpredictable) and never lower it. Six months later, the service has stabilized, but the resource request remains at the "panic mode" level. 

The Limits of Native Tools 

Kubernetes has a native tool for this called the Vertical Pod Autoscaler (VPA). In theory, VPA is perfect: it watches your pod's historical usage and adjusts the requests automatically. 

In practice, VPA in production is terrifying for one specific reason: Restarting. 

To change the resource requests of a running pod, Kubernetes must recreate it. If you run VPA in "Auto" mode, it might decide to restart your critical payment service in the middle of a transaction just to save 200MB of RAM. Because of this disruption risk, most teams leave VPA in "Recommendation" mode. They get a list of suggested values, but they still have to manually apply them, bringing us back to the manual toil we tried to escape. 

The Algorithm: From Guesswork to Engineering 

Successful rightsizing requires an algorithmic approach that balances risk and cost. You cannot simply set requests to the average usage; that guarantees throttling during spikes. 

A robust automation strategy typically follows a "P95 + Buffer" logic: 

  1. Query Historical Usage: Look at Prometheus data for the last 7-14 days. This captures weekly seasonality (e.g., higher traffic on Mondays). 

  1. Calculate Percentiles: Determine the P95 or P99 usage. This tells you, "99% of the time, the pod used less than X CPU." 

  1. Add a Safety Buffer: Add 15-20% on top of that P99 value. 

  1. Set the Request: This new value becomes your baseline request. 

This approach creates a "tight but safe" fit. You are no longer provisioning for the theoretical maximum; you are provisioning for the statistical maximum, with a safety net. 

Automating the Feedback Loop 

The goal is to close the loop without human intervention, but without the disruptive restarts of VPA. This is often achieved through "Deploy-Time Rightsizing." 

Instead of changing pods mid-flight, you can use a CI/CD pipeline step or a mutating admission webhook. When a developer pushes a new version of the code, the pipeline checks the historical usage of the previous version. It calculates the new ideal request (using the P99 logic) and patches the deployment manifest before it is applied to the cluster. 

This ensures that every new deployment is rightsized based on the most recent real-world data. The application is never restarted just for rightsizing; the rightsizing happens naturally as part of the release cadence. 

Financial Observability: The Missing Link 

Algorithms can calculate CPU cycles, but they can't calculate dollars. Rightsizing is ultimately a financial decision. Saving 1 CPU core on a batch processing job is great; saving 1 CPU core on the checkout service might risk $100k/minute in revenue if it leads to throttling. 

This is where Atler Pilot changes the equation. While Prometheus tells you what resources are used, Atler Pilot tells you what it costs. It provides the financial context required to make rightsizing decisions safely. 

With Atler Pilot, you can visualize the "Cost Per Pod" and "Cost Per Feature." Before you apply an automated rightsizing policy, you can model the savings: "Reducing this request by 20% will save $4,000/month." This moves the conversation from abstract resource units (millicores) to concrete business value. It allows FinOps teams to prioritize rightsizing efforts on the "heavy hitters"—the top 10% of workloads that drive 80% of the cost. 

Handling the "CPU Limit" Controversy 

A common debate in Kubernetes rightsizing is whether to set CPU limits at all. While memory limits are essential (to prevent a leak from crashing the node), CPU limits can cause CPU Throttling. 

If a pod hits its CPU limit, the Linux kernel (via CFS quotas) pauses the process. This creates latency, often without high average CPU usage. A highly insightful rightsizing strategy often involves removing CPU limits entirely for critical latency-sensitive workloads, while keeping strict CPU requests. This ensures the pod gets its guaranteed share but can burst into available slack during spikes without being throttled. 

Conclusion: Infrastructure as Data 

We treat our application code with rigor: unit tests, peer reviews, CI/CD. Yet we treat our resource configurations like scribbles on a napkin. 

Kubernetes rightsizing is a continuous engineering process. By automating requests based on real usage data and validating the financial impact with cloud automation tools like Atler Pilot, you turn your infrastructure from a static cost center into a dynamic, efficiency engine. The era of guessing is over. The era of precision provisioning has arrived. 

See, Understand, Optimize -
All in One Place

Atler Pilot decodes your cloud spend story by bringing monitoring, automation, and intelligent insights together for faster and better cloud operations.