Your shared Kubernetes cluster costs $80k/month. Which team owes what? If your answer is 'I don't know,' you have a FinOps problem that's about to become a political problem.
Here's how to do cost attribution without starting a war.
The levels of attribution
Level 0: No attribution. Infra budget is infrastructure's problem. Teams spend freely. This works at <50 engineers. Above that, waste explodes.
Level 1: Tag everything. Every resource gets a team tag. Sum up monthly spend per tag. Show teams their numbers. No charges yet.
Level 2: Show-back. Monthly report to each team: 'you spent $12k, 20% above last month.' No real money changes hands. Teams start optimizing voluntarily because visibility shames waste.
Level 3: Charge-back. Actually debit team budgets. This creates real accountability but also real conflict. Only do this when you have the political capital.
The attribution problems
Shared services. Your auth service is used by every team. Who pays?
Option A: Spread cost across all teams equally. Simple, feels fair.
Option B: Spread by usage (requests/day). More accurate, requires instrumentation.
Option C: Treat shared services as platform cost, not attributed to teams. Simplest, but hides waste.
I usually recommend B for anything above 5% of total cost, C for smaller shared services.
Burst costs. A team runs a batch job once a quarter that costs $5k. Do they get charged $5k in March and $0 in April? Or averaged?
Average for reporting. Charge actual for accounting. Otherwise teams can't plan.
Untagged resources. 20% of your spend is untagged. Who pays?
Choose a landing zone team (usually platform). Make untagged spend their cost. They'll enforce tagging fast.
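The allocation rules from this section, as an added example (not code from the original post): shared services above 5% of total spend are split by usage, smaller ones stay with platform, and untagged spend lands on the platform team. The team names, service names, request counts and the `allocate` helper are constructed for illustration.

```python
from collections import defaultdict

PLATFORM_TEAM = "platform"    # assumed name of the landing-zone team
USAGE_SPLIT_THRESHOLD = 0.05  # the post's 5%-of-total cut-off for Option B

# Constructed sample month: $80k total, 20% of it untagged.
SAMPLE_RESOURCES = [
    {"cost": 30000, "team": "payments"},
    {"cost": 20000, "team": "search"},
    {"cost": 12000, "shared": "auth"},           # 15% of total -> Option B
    {"cost": 2000, "shared": "metrics-relay"},   # 2.5% of total -> Option C
    {"cost": 16000},                             # no team tag at all
]
# Constructed requests/day per consuming team, from service instrumentation.
SAMPLE_USAGE = {"auth": {"payments": 600_000, "search": 300_000, "platform": 100_000}}


def allocate(resources, shared_usage):
    """Return {team: monthly cost} under the rules described above."""
    total = sum(r["cost"] for r in resources)
    if total == 0:
        return {}
    bill = defaultdict(float)
    shared_cost = defaultdict(float)
    for r in resources:
        if r.get("shared"):
            shared_cost[r["shared"]] += r["cost"]
        elif r.get("team"):
            bill[r["team"]] += r["cost"]
        else:
            bill[PLATFORM_TEAM] += r["cost"]  # untagged spend lands on platform
    for service, cost in shared_cost.items():
        usage = shared_usage.get(service, {})
        requests = sum(usage.values())
        if cost / total > USAGE_SPLIT_THRESHOLD and requests > 0:
            for team, count in usage.items():  # Option B: split by usage share
                bill[team] += cost * count / requests
        else:
            # Option C (or no usage data to split on): platform absorbs it
            bill[PLATFORM_TEAM] += cost
    return {team: round(cost, 2) for team, cost in bill.items()}


if __name__ == "__main__":
    for team, cost in sorted(allocate(SAMPLE_RESOURCES, SAMPLE_USAGE).items()):
        print(f"{team:10s} ${cost:>10,.2f}")
```

In the sample, platform ends up with $19,200, of which $16,000 is the untagged spend, which is the pressure the landing-zone rule is meant to create.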
The political reality
The first time teams see their bills, they'll be shocked, angry, and occasionally defensive. That's fine. Let them be. Give them tools to cut cost, then step back. The shock phase passes.
After 3 months of show-back, most teams will have cut 15-25% of waste. That's where the real value is.
Written by Dr. Samson Tanimawo
BSc · MSc · MBA · PhD
Founder & CEO, Nova AI Ops. https://novaaiops.com
Top comments (2)
Your framing that "If your answer is 'I don't know,' you have a finops problem that's about to become a political problem" landed. The levels-of-attribution ladder (tag → show-back → charge-back) is exactly right for general K8s infra — but I've been watching teams hit a new wall once LLM workloads land on that same cluster.
With AI gateways, the K8s resource tag isn't the attribution boundary anymore. A single pod can serve requests from a dozen teams in the same minute. The tenant_id and workflow_id that tell you who generated which cost are in the request headers, not the resource label — and they frequently get stripped between gateway, router, and model server before they reach any cost tracking layer.
Have you run into that mismatch when LLM traffic shows up on shared infra?
— Argon