AKS Cost Optimization: 7 Ways to Reduce Azure Kubernetes Service Costs

Azure Kubernetes Service has a pricing model designed to look affordable at first glance: the AKS control plane is free. No hourly management fee, no per-cluster charge. Just connect your Azure subscription and start deploying.

The actual bill tells a different story. AKS orchestrates Azure resources on your behalf — Virtual Machine Scale Sets, Managed Disks, Azure Load Balancers, public IP addresses, virtual network components — and every one of those resources bills at standard Azure rates. A cluster that looks simple on the Kubernetes side represents a web of Azure infrastructure, much of which continues billing long after the workloads that created it are gone.

The most common AKS cost problem is orphaned Managed Disks. When a Pod or StatefulSet is deleted, the PersistentVolumeClaim it used is not automatically removed. The underlying Azure Managed Disk keeps running. Premium SSD Managed Disks cost approximately $0.17/GB/month on Azure — a single orphaned 100Gi disk is $17/month, and clusters with active development histories accumulate dozens of them.

This guide covers 7 concrete ways to reduce your AKS bill. The starting point for most teams is the same: a read-only audit that surfaces what you're paying for and no longer using.

AKS Cost Components

Before optimizing, map where your AKS costs actually originate.

Azure Virtual Machine Scale Sets run your AKS worker nodes. Each node is a VM in a VMSS — Standard_D4s_v3, Standard_B2ms, Standard_E8s_v3 — billed at standard Azure VM rates. Node pools with fixed sizes run at 100% of cost whether workloads are saturating them or not. A Standard_D8s_v3 instance (8 vCPU, 32 GB RAM) costs roughly $0.384/hour on-demand. A cluster with 5 such nodes running at 20% average CPU utilization is paying for 32 vCPUs to sit idle.

Azure Managed Disks back AKS PersistentVolumeClaims. Standard SSD runs $0.06/GB/month; Premium SSD costs $0.17/GB/month; Ultra Disk is priced per provisioned IOPS and throughput in addition to capacity. Managed Disks are not deleted when PVCs are removed — they persist until explicitly deleted. This is the leading source of hidden AKS storage cost.

Azure Load Balancers are provisioned when you create a Kubernetes Service of type LoadBalancer. AKS uses the Standard Load Balancer SKU by default, which charges $0.025/hour per rule ($18/month) plus data processing fees. An idle load balancer — no active backends, no traffic — still incurs the rule fee.

Public IP addresses are allocated for load balancers and, in some configurations, for individual nodes. A static public IP costs $0.008/hour ($5.76/month). Dynamic IPs in unassociated state also accrue charges. Stale public IPs from deleted load balancers or node pools are a common source of low-level but persistent waste.

Outbound data transfer costs $0.087/GB leaving Azure data centers to the internet (first 5 GB/month free). Cross-region traffic within Azure runs $0.02–$0.08/GB. Clusters that make frequent external API calls or replicate data across regions can accumulate significant egress charges.

Azure Container Registry stores container images. The Standard tier costs $0.167/day; Premium is $0.667/day. Untagged and unreferenced images accumulate over time — especially in repositories with active CI/CD pipelines — and billing is per GB of storage used.

7 Ways to Cut AKS Costs

1. Find and Delete Orphaned Managed Disks

Orphaned Managed Disks are the fastest, safest AKS cost reduction for most clusters. A disk with no mounting Pod provides zero value and can be deleted immediately once confirmed unused.

The standard AKS StorageClass uses Retain as the reclaim policy for dynamically provisioned Premium SSD disks — meaning when a PVC is deleted, the underlying disk is retained until manually removed. In Delete policy StorageClasses, disks are removed with the PVC, but PVCs themselves are not auto-deleted when workloads are removed.

The result: every StatefulSet deletion, every environment teardown, and every database migration leaves behind PVCs — and the Managed Disks they represent. In a cluster that's been running for 6–12 months, it's common to find 30–50% of disk spend tied to volumes no Pod is using.

To find orphaned PVCs: run kubectl get pvc --all-namespaces and cross-reference each PVC against active Pod volumes. Any PVC not mounted by a running or pending Pod is a candidate for cleanup. Check for PVs in Released state — the PVC was deleted but the disk was retained.

For the detailed mechanics and validation steps, see How to Find Orphaned PVCs and PVs Before They Inflate Your Cloud Bill.

KorPro automates this entire cross-reference. Connect your AKS cluster with read-only Azure IAM permissions and the orphaned disk report surfaces in under a minute with disk sizes and estimated monthly cost.

2. Clean Up Unused Azure Load Balancers

AKS provisions an Azure Standard Load Balancer rule for each Kubernetes Service of type LoadBalancer. At $0.025/hour per rule, a load balancer with 3 frontend IP configurations costs $54/month before any data processing charges.

Stale load balancers accumulate when:

• Services are deleted but the cloud controller doesn't successfully clean up the Azure resource.
• A cluster migration was performed and old Services weren't removed from the source cluster.
• Load balancers were created manually or via Helm charts that were uninstalled without proper cleanup hooks.

Check your Azure portal under Load balancers in the resource group associated with your AKS cluster (the MC_ resource group). Cross-reference each load balancer and frontend IP configuration with active Kubernetes Services. Any load balancer rule with no active backend pool members is waste.

Also check Public IP addresses in the same resource group — IPs allocated for deleted load balancers often remain unattached, accruing a small but ongoing charge.

3. Use Azure Spot VMs for Stateless Workloads

Azure Spot VMs run at 60–90% discounts compared to standard VM pricing for the same size. For stateless workloads — web API servers, background processors, batch jobs, CI/CD runners, ML training — Spot is the highest-impact compute cost reduction available in AKS.

AKS supports Spot node pools natively. Add a Spot node pool with the --priority Spot flag and configure your stateless Pods to tolerate the Spot eviction taint (kubernetes.azure.com/scalesetpriority=spot:NoSchedule). Keep a standard on-demand node pool for stateful workloads, critical services, and anything that can't tolerate interruption.

Spot VMs in Azure support eviction policies of Deallocate (default) or Delete. Use Delete in AKS Spot node pools to ensure nodes are fully removed on eviction rather than just stopped.

4. Enable Cluster Autoscaler and Node Pool Scale-to-Zero

AKS node pools with a static minimum node count maintain that count 24/7, regardless of actual load. Development and staging clusters that run at full capacity overnight and on weekends are a consistent source of unnecessary spending.

Cluster Autoscaler for AKS scales node pools based on pending and underutilized Pod states. Enable it per node pool with --enable-cluster-autoscaler and set --min-count 0 to allow the pool to scale to zero when no workloads require it. AKS supports scale-to-zero for user node pools (not the system node pool, which must have at least one node).

For clusters with predictable off-hours (dev/staging environments), scale-to-zero can reduce weekend and overnight compute costs by 60–70%.

Vertical Pod Autoscaler (VPA) complements cluster autoscaler by right-sizing individual Pod resource requests based on historical usage. Pods that request 4 vCPU but use 0.4 vCPU are packing poorly onto nodes. VPA shrinks their requests, allowing better bin-packing and fewer nodes for the same workload count.

5. Clean Up Stale Secrets and ConfigMaps

Stale Secrets and ConfigMaps in AKS clusters are a signal of accumulated configuration debt. They increase etcd storage, slow API server list operations, and obscure what configuration is actually active — making other audits harder to perform confidently.

Common sources in AKS environments:

• Secrets for Azure service principal credentials from workloads that were migrated to Managed Identities but the old Secrets weren't removed.
• ConfigMaps from Helm releases where helm uninstall was run without --purge on older Helm versions.
• Per-namespace ConfigMaps created by CI/CD pipelines without corresponding cleanup steps.

KorPro's read-only scan cross-references all ConfigMaps and Secrets against active Deployments, StatefulSets, DaemonSets, Jobs, ServiceAccounts, and Pod volumes in every namespace. Resources with no live reference are flagged for review.

For a systematic approach to ConfigMap cleanup, see How to Find and Remove Orphaned ConfigMaps in Kubernetes.

6. Use Reserved Instances for Predictable Baselines

Azure Reserved VM Instances provide 1-year and 3-year commitments on VM usage at 40–72% discounts over on-demand pricing. For AKS node pools with a stable baseline count — the minimum nodes you run continuously — Reserved Instances are a direct cost reduction requiring no architectural changes.

The rule: reserve the baseline, use Spot and autoscaling for burst. Commit to the number of nodes running 24/7 across your production cluster. Let the autoscaler handle demand above that level using on-demand or Spot capacity.

Azure Savings Plans (compute-level commitments) are more flexible than instance-specific reservations — they apply across VM sizes and can accommodate node pool changes without losing the discount. For AKS clusters that evolve node pool configurations over time, Savings Plans may be preferable to specific VM reservations.

7. Migrate Off Deprecated AKS Versions to Avoid Extended Support Fees

Azure AKS follows Kubernetes upstream release cadence with approximately 3 minor versions in standard support at any time. When a minor version reaches end of standard support, Microsoft offers extended support — but at a cost.

AKS Long Term Support (LTS) and extended support incur surcharges on top of normal VM and infrastructure costs. Running on an out-of-support Kubernetes version also blocks access to newer AKS features, increases security risk from unpatched CVEs, and creates technical debt that compounds over time.

Check your current AKS cluster version in the Azure portal or via az aks list --query "[].{name:name, kubernetesVersion:kubernetesVersion}". Compare against the AKS release calendar. If you're behind by more than one minor version, plan an upgrade.

Upgrading AKS in-place with az aks upgrade works for most clusters and is significantly safer than it was in earlier AKS versions. For clusters requiring zero-downtime upgrades, use node pool rolling upgrades and PodDisruptionBudgets.

AKS Cost Audit with KorPro

Before deleting anything, run a read-only audit to build a complete picture of orphaned resources and their estimated cost. This prevents accidental deletion and provides the documentation needed for team review.

1. Connect KorPro to your Azure subscription with read-only role assignment. The required permissions are minimal — Reader role on the AKS resource group and the MC_ node resource group is sufficient. No write access, no in-cluster agents, no cluster-side components. See the Azure setup guide for exact role assignments.

2. Review the orphaned Managed Disk report. KorPro lists every PVC not mounted by a running Pod, with the disk size, storage class (Standard SSD, Premium SSD, etc.), and estimated monthly cost. Prioritize by cost.

3. Review unused Services and Load Balancers. Services of type LoadBalancer with no backend Pods are surfaced with associated Azure Load Balancer rule cost estimates.

4. Review stale ConfigMaps and Secrets. Cross-referenced against all active workloads across every namespace.

5. Review total estimated monthly savings. KorPro aggregates all findings before any deletion is performed. Use this figure to prioritize cleanup efforts and build a business case for the work.

For the full cost recovery workflow, see Kubernetes Cost Recovery. For context on what orphaned resources typically cost across cloud providers, see the FinOps Guide to Kubernetes Waste.

Set a recurring audit cadence after initial cleanup — monthly for stable clusters, bi-weekly for clusters with frequent deployments. AKS clusters accumulate orphaned resources faster than teams expect, especially in environments with active development and frequent teardowns.

Conclusion

AKS may not charge for its control plane, but the underlying Azure infrastructure adds up quickly. The fastest cost reductions — orphaned Managed Disks, idle load balancers, stale public IPs — are low-risk and immediate. Spot VMs and autoscaling deliver sustained compute savings. Staying on supported Kubernetes versions avoids extended support surcharges.

Start with the audit. Connect KorPro to your AKS clusters with read-only access and get a full inventory of orphaned resources and estimated savings before making any changes. See the Azure setup guide to get started in under 5 minutes.