K8s Migration & Cost Optimisation for a B2B SaaS

The brief was to migrate to a Kubernetes-based architecture, materially reduce cloud cost, and reach a credible 99.99% SLA — all without a customer-visible incident or a feature-development freeze longer than four weeks. Eight-week engagement.

We migrated to EKS with Karpenter as the autoscaler. Karpenter over Cluster Autoscaler was a deliberate choice: the workload mix (long-running Go services, batch ML jobs, scheduled report generation) benefited disproportionately from Karpenter's just-in-time, instance-type-aware provisioning. The cluster runs a mixed node pool — a portion on-demand for stateful and system workloads, the majority on spot for the stateless application tier — with consolidation enabled at a tight threshold.

Cost optimisations applied in order:

• VPA in recommendation mode for two weeks before any migration of compute, revealing that CPU requests across the fleet were significantly over-provisioned and memory similarly so.
• Graviton (arm64) node pool for the services where the dependency tree compiled cleanly, with a notable per-node cost reduction on those workloads.
• KEDA scale-to-zero for the batch and scheduled services that previously ran 24/7 on Fargate.
• RDS migration to Aurora Postgres with a read-replica per AZ, and the heaviest analytical queries moved off the primary onto a logical-replication-fed ClickHouse instance.
• S3 Intelligent Tiering plus an aggressive lifecycle policy on the team's accumulated log archive — terabytes moved into Glacier Deep Archive at a fraction of the previous cost.

For the SLA work, we built a proper SRE foundation: error budgets per service, defined SLOs reviewed weekly, golden-signal dashboards in Grafana, multi-AZ deployment of every stateful component, automated chaos testing using AWS Fault Injection Simulator, and a runbook-driven incident-response process replacing the previous "page someone in Slack" approach.

Migration was zero-downtime via a service-by-service traffic shift behind an AWS App Mesh proxy. We moved more than two dozen services over the engagement, with buffer time at the end for SLA hardening and game days.