Fixed price · $495 USD · 2 weeks

Kubernetes Production Readiness Audit

A 47-point assessment of your production EKS, AKS, or GKE cluster, run by a CKA or CKS certified senior engineer. Board-ready report and 90-day remediation roadmap. Fixed price, fixed timeline, no procurement runaround.

4.9★ Clutch · ISO 27001

In 2 weeks you'll have

Production-grade scorecard across 6 categories

Prioritized 90-day remediation roadmap

Senior engineer review, not a CSV dump

30 days of post-audit Slack Q&A included

47 checks per audit · $495 fixed price · 2 wks delivery

What we check

47 production-readiness checks across 6 categories. Every check produces a scored finding, a specific recommendation, and an effort estimate.

Security

10 checks

RBAC, Pod Security, NetworkPolicies, secrets, image provenance, CIS benchmark.

  • RBAC scope
  • Pod Security Admission
  • NetworkPolicies
  • Secret encryption at rest
  • Image provenance
  • ServiceAccount token hygiene
  • Container security context
  • CIS Kubernetes Benchmark
  • API server audit logging
  • Runtime vulnerability scanning

Reliability

8 checks

PDBs, anti-affinity, probes, resource limits, graceful shutdown, etcd backups.

  • PodDisruptionBudgets
  • Multi-zone distribution
  • Autoscaling configured
  • Resource requests and limits
  • Probes tuned correctly
  • Graceful shutdown
  • Image pull policy
  • etcd backup and restore

Scalability

7 checks

Cluster Autoscaler / Karpenter, HPA, VPA, node pool sizing, CoreDNS, CNI mode.

  • Cluster Autoscaler or Karpenter
  • Metrics-server health
  • Vertical Pod Autoscaler
  • Node pool sizing
  • Ingress controller scaling
  • CoreDNS configuration
  • CNI and kube-proxy mode

Observability

8 checks

Metrics, logs, traces, alerts, dashboards, SLOs, cost observability, audit logs.

  • Metrics collection
  • Log aggregation
  • Distributed tracing
  • Actionable alerting
  • Operational dashboards
  • SLOs and error budgets
  • Cost observability
  • Audit and access log retention

Cost

6 checks

Right-sizing, spot nodes, idle resources, PV lifecycle, egress, RIs / Savings Plans.

  • Right-sizing gap
  • Spot and preemptible usage
  • Idle resource detection
  • Persistent Volume lifecycle
  • Egress cost analysis
  • Reserved Instance coverage

Compliance

8 checks

Data residency, encryption, audit retention, SSO, change management, DR.

  • Data residency
  • Encryption in transit
  • Encryption at rest
  • Audit log retention
  • SSO and OIDC for kubectl
  • GitOps change management
  • Vulnerability remediation SLA
  • Disaster recovery

What you get

Six deliverables, end of week 2.

Executive scorecard

One page, colour-coded, 0-100 score per category. Suitable for a board pack.

Detailed findings report

All 47 items with finding, recommendation, effort estimate, and risk score.

90-day remediation roadmap

Prioritized fixes with effort vs risk-reduction matrix. Specific tickets your team can pick up.

Cost-of-inaction estimates

For the top 5 critical findings - what it costs your business not to fix them.

Readout call + 30 days Q&A

90-minute walkthrough with engineering and leadership. Plus 30 days of Slack-based follow-up access.

Senior engineer accountability

A named CKA or CKS certified engineer runs and signs off on the audit. Not a junior team.

How it works

Four phases. Five working days of senior engineer effort. Two weeks calendar.

  1. Kickoff

    Day 0. 60-minute call to set up read-only access, scope the cluster, and meet your engineer. Mutual NDA signed.

  2. Assessment

    Days 1-3. Senior engineer runs the 47-point review across security, reliability, scalability, observability, cost, and compliance.

  3. Prioritize

    Days 4-5. Findings scored by risk, false positives removed, 90-day remediation roadmap drafted with effort estimates.

  4. Readout

    Week 2. 90-minute readout call with engineering and leadership. Report delivered. 30 days of Slack Q&A starts.

Included in $495

  • One production EKS, AKS, or GKE cluster
  • 47-point assessment across 6 categories
  • Executive scorecard plus detailed findings report
  • 90-day prioritized remediation roadmap
  • 90-minute readout call with your team
  • 30 days of Slack-based Q&A access

Not included

  • Implementation or remediation work
  • Code or configuration changes
  • On-call or incident response coverage
  • Additional clusters (one audit per cluster)
  • Compliance certification work
  • Post-30-day ongoing support

Available as fixed-price follow-on engagements once the audit identifies what you need.

Who this is for

Good fit:

  • Production Kubernetes on EKS, AKS, or GKE with 5+ engineers running it
  • Needs a credible assessment before a board review, audit, scale event, or M&A diligence
  • Wants a fixed price, not a consulting hourly bill

Not a fit:

  • Pre-production clusters or local dev environments
  • Needs implementation work, not assessment
  • Wants free advice or a sales pitch dressed as an audit

How this compares

Other paths to a production-readiness assessment, and where each one breaks down.

| | Open-source tools alone | Big consultancy | Freelance K8s engineer | Tasrie audit |
| Price | Free | $60,000+ | $50-150/hr | $495 fixed |
| Time to delivery | Hours, raw output | 8-16 weeks | Negotiable | 2 weeks |
| Engineer accountability | None | Junior delivery team | Variable | Named senior |
| Findings prioritized by business risk | No | Yes | Variable | Yes |
| Executive readout call | No | Yes | No | Yes |
| Post-audit Q&A | n/a | Negotiated extra | n/a | 30 days included |

Frequently asked questions

Everything we get asked before someone books the audit.

What clusters do you audit?

We audit production clusters on Amazon EKS, Azure AKS, or Google GKE - one cluster per engagement. If you have multiple clusters, each is a separate audit (or we can quote a multi-cluster bundle).

How is this different from running kube-bench or Polaris myself?

Those tools produce raw findings - hundreds of items with no business context. Our senior engineer reviews every finding, kills false positives, and prioritizes by actual risk to your environment. You get a board-ready report, not a CSV dump.

What access do you need?

Read-only kubectl access to the cluster, read access to your cloud account (IAM role we provide), and a 60-minute kickoff call with your platform team. We do not need write access or production credentials.

What happens after the audit?

You get the report, the 90-day remediation roadmap, and 30 days of Slack-based Q&A access. We do not lock you into a follow-on engagement. If you want help implementing the recommendations, see our Production Kubernetes Cluster Setup starting at $2,995; if you would rather your team handles it, that is fine too.

Do you sign an NDA?

Yes. Standard mutual NDA signed before the kickoff call. We can also sign your paper if your legal team prefers.

Can you guarantee findings?

Every audit we have run has surfaced findings worth more than the audit fee. We are confident enough in the methodology that if the audit produces fewer than 5 actionable findings, we refund 50%.

How quickly can you start?

Typically within 5-7 business days of contract signature. The 2-week clock starts on the kickoff call, not the contract date.

Can you brief our executive team or board?

Yes. The standard 90-minute readout includes engineering and leadership. We can also do a separate 30-minute executive-only briefing using the scorecard summary for an additional fixed fee.

Book your Kubernetes audit for $495

20-minute fit call first. We confirm your cluster is in scope and answer your questions. If we are not a fit, we will tell you in the call.
