Stakeholder Best Practices
How to Use This List
These are the habits that make platform work fundable.
Each group covers one recurring conversation: money, capacity, risk, the golden path, and the operating rhythm that keeps all three honest.
Read the group that matches the meeting you are walking into. Do not try to apply all of them at once.
Every practice assumes you can produce a real number from your cluster. If you cannot, that is the first task.
A - Make the Money Legible
Price the node, not the pod. Stakeholders do not buy pods, they buy nodes. Convert requested CPU and memory into node count times monthly node price, and quote that figure.
Count load balancers out loud. Every Service of type LoadBalancer provisions a cloud load balancer with its own hourly charge. Ten services created without thought is ten line items, and shared ingress collapses them into one.
Show allocatable, not capacity. A 16-core node offers roughly 15.1 allocatable cores after kubelet, OS, and containerd reservations. Quoting raw capacity inflates your own numbers and destroys credibility when the invoice disagrees.
Attribute spend to a namespace. Run OpenCost or Kubecost and put a dollar figure next to each team. Fairness arguments end quickly once the bill has names on it.
Name the egress and cross-zone tax. Traffic crossing availability zones bills per gigabyte, and a chatty service placed carelessly can outrun its own compute cost. Surface it before finance does.
Report utilization against requests. A namespace holding 12 cores and burning 3 is a 75% refund waiting to happen. Bring the Prometheus data, not the opinion.
B - Handle Capacity Requests Like Budget Requests
Ask for the measurement, not the estimate. Teams size from fear and pick 2 CPU because it felt safe. A week of container_cpu_usage_seconds_total typically halves the ask on the first pass.
Always pair ResourceQuota with LimitRange. A quota on requests.cpu makes requests mandatory, so every existing pod without one is rejected. The LimitRange defaultRequest is what keeps the namespace working.
Attach an expiry to every grant. Nobody files a ticket to hand capacity back. A 90-day review date is the only mechanism that reclaims idle quota.
State your overcommit ratio explicitly. Granting more quota than the cluster physically holds is a valid strategy when peaks are staggered and Karpenter can add nodes. An unstated 2x overcommit is a reliability promise you will be blamed for breaking.
Add 25% headroom for rollouts. A RollingUpdate runs old and new pods together, so the steady-state number is not the peak number. Sizing to steady state produces Pending pods on every deploy.
Use PriorityClass to decide who loses. Quota decides who may ask, priority decides who wins when the cluster is full. Give revenue paths a high value and batch a low one so a full cluster degrades in the order the business would pick.
C - Communicate Risk as Loss, Not Control
Lead with the reachable path, never the control name. "We need NetworkPolicies" loses to a launch date. "Any compromised pod can currently reach the payments database on 5432" gets funded.
Demo the default. Run a throwaway pod that connects to your most sensitive service, live, in the meeting. Thirty seconds of nc -zv beats a slide about lateral movement.
Correct the namespace assumption. Namespaces are a boundary for RBAC and quota, not for network traffic. Most stakeholders believe the cluster is already segmented because it looks segmented.
Offer tiers, never a binary. "No policies" versus "cluster-wide zero trust" is a false choice that gets rejected. Default-deny on the two namespaces holding sensitive data is a day of work and usually gets approved in the room.
Verify enforcement before claiming mitigation. NetworkPolicy objects are inert unless the CNI implements them. Reporting decorative policies as coverage is worse than reporting none.
Record acceptance with a name and a date. If the answer is still "ship it," write the risk, the skipped control, the reason, the accepting person, and the review date. That converts a silent gap into a tracked item.
D - Prove the Golden Path With Data
Measure the before, or you have no story. Time a team shipping without the paved path: days to first deploy, hours per release, number of hand-written manifests. That baseline is your entire argument later.
Quote lead time and deploy frequency. These are the DORA metrics stakeholders already recognize from other contexts. "Median lead time fell from 6 days to 4 hours across nine teams" needs no translation.
Convert saved hours into headcount. Fifteen teams saving four hours per release across two releases a week is roughly 120 hours a month. Naming it as most of an engineer's time makes the platform a hiring decision.
Count what the path prevents, not just what it speeds. Golden-path Helm charts that ship non-root containers, requests, limits, and probes by default remove a class of incidents. Track the incidents that stopped happening.
Show adoption as a percentage. "Eleven of fourteen teams deploy through the golden path" is a health metric. Falling adoption is early warning that the paved road stopped being the fast road.
Name the escape hatch. A golden path with no documented exception process gets bypassed silently, and silent bypass is how you lose visibility. An approved exception is data, a shadow pipeline is a blind spot.
E - Keep the Operating Rhythm Honest
Bring one number per meeting, not a dashboard. Stakeholders retain a single figure. Twelve charts produce zero decisions.
Keep the coarse summary numerically true. Simplifying loses nuance, and that is fine. Rounding in your own favor is not, and it costs you the next three conversations.
Say no with a price, never with a refusal. "That does not fit" is a platform blocking a team. "That ask implies three more nodes at roughly $1,400 a month, so it is your call" is a product owner making a budget decision.
Report headroom before you need it. Announcing that the cluster has six weeks of growth left is planning. Announcing it the week pods start pending is an emergency you created.
Write the postmortem in business terms first. Lead with customer minutes affected and revenue path impacted, then the technical cause. The audience for page one is not the on-call engineer.
Revisit accepted risks on schedule. An acceptance without a follow-up is a documented incident waiting to happen. The review date is the practice, not the register entry.
When You Are Done
You should be able to answer four questions without opening a terminal.
What does this cluster cost per month, and what drives the number. How much headroom is left before you must buy nodes. Which risks are accepted, by whom, and when they get reviewed. What the golden path saves, in hours or incidents, with data behind it.
If any answer is a shrug, that is your next week of work.
The test is not whether stakeholders agree with you. It is whether they can weigh the trade-off themselves and own the outcome.
FAQs
What if I do not have cost attribution tooling yet? Start with node count times node price divided by namespace requests. A rough allocation you can defend beats a precise one you do not have.
How do I push back when a team demands quota that does not fit? Give them the node count and the monthly figure their request implies, then route the decision to whoever owns the budget. That is an answer, not a blockade.
Is it a failure if a stakeholder rejects a security control? No. An informed, documented, owned decision is a legitimate outcome. An undocumented gap is the failure.
Which single metric moves stakeholders the most? Lead time to production, because it maps directly to how fast features reach customers. Cost per namespace is a close second.
How often should quota be reviewed? Every 90 days. Anything longer and idle reservations become permanent load-bearing assumptions.
Should engineers see these numbers too? Yes. Teams that can see their own namespace cost and utilization right-size themselves without being asked.
Related
- Translating Clusters into Business Language
- Stakeholder Basics
- Quota & Capacity Requests
- Risk Communication
Stack versions: This page was written for Kubernetes 1.36.2, Docker Engine 29.6.1 (BuildKit default), containerd (CRI runtime on nodes), Helm 3, Compose v2, Argo CD (latest - verify at build), and Gateway API (GA - verify controller support at build).