Introduction to Kubernetes Performance Tuning: From Functional to Optimal
Kubernetes performance tuning is the systematic practice of analyzing, optimizing, and continuously improving the efficiency, speed, reliability, and resource utilization of applications running on Kubernetes clusters to achieve faster response times, higher throughput, lower latency, reduced resource consumption, improved user experience, and significantly lower cloud infrastructure costs—often reducing bills by 40-60% while simultaneously improving application performance. While Kubernetes makes it easy to deploy and run containerized applications with default configurations that "just work" functionally, the difference between default Kubernetes performance and properly tuned Kubernetes performance is often staggering: 3-5x faster response times, 50-70% reduction in resource consumption, ability to handle 5-10x more traffic on the same infrastructure, elimination of performance bottlenecks causing periodic slowdowns or outages, and dramatic cost savings that can reach hundreds of thousands of dollars annually for production workloads at scale.
The challenge is that Kubernetes performance optimization is not a single configuration change or one-time effort—it is a comprehensive discipline requiring expertise across multiple layers of the technology stack: application code optimization, container image optimization, pod resource configuration, Kubernetes networking performance, storage I/O optimization, cluster control plane tuning, node-level operating system configuration, and cloud provider infrastructure selection. Each layer presents dozens of tuning opportunities, and the optimal configuration varies dramatically based on your specific workload characteristics: CPU-intensive batch jobs require completely different tuning than memory-intensive databases, which require different optimization than latency-sensitive API services, which need different configuration than throughput-optimized data pipelines.
This comprehensive technical guide teaches you everything you need to know about tuning Kubernetes performance systematically from foundational concepts to advanced optimization techniques, covering: performance analysis methodologies identifying actual bottlenecks rather than optimizing the wrong things, pod resource requests and limits optimization balancing performance and cost, container image optimization reducing startup times and resource overhead, Kubernetes networking performance tuning for low-latency high-throughput communication, storage performance optimization for I/O-intensive workloads, cluster control plane tuning at scale, node-level operating system and kernel optimization, database and stateful application tuning on Kubernetes, monitoring and profiling to measure impact of optimizations, and how platforms like Atmosly automate performance optimization through AI-powered analysis identifying bottlenecks automatically, recommendation engines suggesting specific configuration changes with predicted performance and cost impact, continuous right-sizing adjusting resources based on actual usage patterns, and intelligent alerting detecting performance degradation before customer impact.
By mastering the performance tuning strategies explained in this guide, you'll transform your Kubernetes infrastructure from "good enough" default configurations to highly optimized production systems running 3-5x more efficiently, handling dramatically higher load on the same infrastructure, delivering consistently fast user experiences even during peak traffic, and reducing cloud costs by 40-60% without sacrificing reliability or performance—enabling your engineering team to support business growth without proportional infrastructure cost growth.
Performance Analysis Methodology: Measure Before Optimizing
The cardinal rule of performance optimization is: measure first, optimize second, measure again. Premature optimization wastes engineering time tuning things that don't actually matter while real bottlenecks remain unaddressed. The correct methodology is:
Step 1: Establish Performance Baselines
Before optimization, document current performance metrics to measure improvement:
Application-Level Metrics:
- Response time (latency): p50, p95, p99 percentiles (not just averages that hide problems)
- Throughput: Requests per second, transactions per second, messages processed per second
- Error rate: Percentage of requests failing (5xx errors, timeouts, exceptions)
- Resource consumption: Actual CPU, memory, disk, network usage under representative load
Infrastructure-Level Metrics:
- Pod CPU utilization: Percentage of requested and limit CPU actually used
- Pod memory utilization: Working set memory as percentage of requests/limits
- Pod startup time: Time from pod creation to ready status
- Node resource utilization: Overall node CPU, memory, disk I/O, network I/O
- Cluster capacity: Total allocatable resources vs total requested resources
Cost Metrics:
- Cost per request: Infrastructure cost divided by request volume
- Resource waste: Requested resources never utilized (over-provisioning)
- Compute costs: Node costs, storage costs, network egress costs
Example baseline measurement using Prometheus queries:
# Application response time p95
histogram_quantile(0.95, rate(http_request_duration_seconds_bucket[5m]))
# Throughput (requests per second)
sum(rate(http_requests_total[5m]))
# CPU utilization (actual usage vs requests)
100 * rate(container_cpu_usage_seconds_total[5m]) / container_spec_cpu_quota
# Memory utilization (actual usage vs requests)
100 * container_memory_working_set_bytes / container_spec_memory_limit_bytes
# Pod startup time
histogram_quantile(0.95, rate(kube_pod_start_duration_seconds_bucket[1h]))
Step 2: Identify Performance Bottlenecks Using Profiling
Once you have baselines, identify where time and resources are actually being spent:
Application Profiling Tools:
- Go: pprof built-in profiler (CPU, memory, goroutine, mutex profiles)
- Java: JFR (Java Flight Recorder), VisualVM, Async-profiler
- Python: cProfile, py-spy, memory_profiler
- Node.js: Built-in profiler, clinic.js, 0x
Example: CPU profiling a Go application in Kubernetes:
# Expose pprof endpoint in your Go application
# In main.go:
import _ "net/http/pprof"
go func() {
http.ListenAndServe("localhost:6060", nil)
}()
# Port-forward to pod
kubectl port-forward 6060:6060
# Capture 30-second CPU profile
go tool pprof http://localhost:6060/debug/pprof/profile?seconds=30
# Analyze profile interactively
(pprof) top10 # Show top 10 functions by CPU time
(pprof) list # Show annotated source code
(pprof) web # Generate interactive web visualization
Infrastructure Profiling Areas:
- CPU bottlenecks: Containers hitting CPU limits or throttling
- Memory bottlenecks: OOMKilled pods, high memory pressure, swapping
- Disk I/O bottlenecks: High iowait, storage latency, IOPS limits
- Network bottlenecks: Network latency, bandwidth saturation, packet loss
- Scheduling delays: Pods stuck in Pending due to resource constraints
Step 3: Prioritize Optimizations by Impact
Focus on optimizations with highest ROI (return on investment of engineering time):
High-Impact Optimizations (do these first):
- Fix over-provisioned resources (immediate cost savings, no performance risk)
- Optimize hot code paths identified by profiling (biggest performance gains)
- Add missing indexes to database queries (10-1000x query speedups)
- Implement connection pooling and caching (reduce redundant work)
- Right-size pod resources (eliminate throttling and OOMKills)
Medium-Impact Optimizations:
- Optimize container images (faster startup, lower storage costs)
- Tune garbage collection settings (reduce GC pauses)
- Optimize Kubernetes networking (reduce service mesh overhead)
- Configure horizontal pod autoscaling (automatic capacity adjustment)
Low-Impact Optimizations (polish, not priorities):
- Micro-optimize algorithms that aren't bottlenecks
- Premature code-level optimizations without profiling evidence
- Tuning parameters that have minimal real-world impact
Pod Resource Configuration: Requests, Limits, and QoS Classes
Understanding Kubernetes Resource Requests and Limits
Kubernetes resource management has two key concepts that are frequently misunderstood:
Resource Requests:
- Amount of CPU and memory guaranteed to the pod
- Used by Kubernetes scheduler to place pods on nodes
- Pod won't be scheduled if no node has enough unreserved resources
- Does NOT limit actual resource usage—pod can use more than requested
Resource Limits:
- Maximum amount of CPU and memory pod is allowed to use
- CPU limit: Pod is throttled (slowed down) if it tries to exceed limit
- Memory limit: Pod is OOMKilled (terminated) if it exceeds limit
- Limits affect QoS (Quality of Service) class determination
Example resource configuration:
apiVersion: v1
kind: Pod
metadata:
name: optimized-app
spec:
containers:
- name: app
image: myapp:v1.2.3
resources:
requests:
cpu: "500m" # 0.5 CPU cores guaranteed
memory: "512Mi" # 512 MiB guaranteed
limits:
cpu: "2000m" # Max 2 CPU cores (throttled above this)
memory: "1Gi" # Max 1 GiB (OOMKilled above this)
Kubernetes QoS Classes: Guaranteed, Burstable, BestEffort
Based on how you configure requests and limits, Kubernetes assigns one of three QoS classes affecting pod priority during resource pressure:
Guaranteed (highest priority):
- Every container has CPU and memory requests AND limits defined
- Requests equal limits for both CPU and memory
- Last to be evicted during node resource pressure
- Use for: Production critical services, databases, stateful applications
resources:
requests:
cpu: "1000m"
memory: "1Gi"
limits:
cpu: "1000m" # Same as request = Guaranteed QoS
memory: "1Gi" # Same as request = Guaranteed QoS
Burstable (medium priority):
- Has requests defined but limits are different from requests (or not defined)
- Can burst above requests up to limits
- Evicted after BestEffort but before Guaranteed during pressure
- Use for: Most production applications that need burst capacity
resources:
requests:
cpu: "500m"
memory: "512Mi"
limits:
cpu: "2000m" # Higher than request = Burstable QoS
memory: "1Gi" # Higher than request = Burstable QoS
BestEffort (lowest priority):
- No requests or limits defined at all
- Can use any available resources on node
- First to be evicted during resource pressure
- Use for: Non-critical batch jobs, development environments
resources: {} # No requests or limits = BestEffort QoS
Right-Sizing Resources: Finding Optimal Values
The biggest performance mistake in Kubernetes is incorrect resource configuration:
Over-Provisioning Problems:
- Wasted money: Paying for resources you never use
- Reduced cluster efficiency: Nodes appear full based on requests but actually mostly idle
- Scheduling problems: Large requests prevent pods from fitting on nodes
Under-Provisioning Problems:
- CPU throttling: Application slows down when hitting limits
- OOMKills: Pods terminated when exceeding memory limits
- Performance degradation: Competing for resources with other pods
- Scheduling failures: Pods can't be scheduled due to insufficient requests
Strategy 1: Analyze actual usage patterns
# Find actual CPU usage (p95 over last 7 days)
histogram_quantile(0.95,
rate(container_cpu_usage_seconds_total{container="app"}[7d])
)
# Find actual memory usage (p95 over last 7 days)
histogram_quantile(0.95,
container_memory_working_set_bytes{container="app"}[7d]
)
# Compare to current requests
container_spec_cpu_quota{container="app"}
container_spec_memory_limit_bytes{container="app"}
Rule of thumb for setting requests and limits:
- CPU Request: Set to p95 actual usage (allows bursting above)
- CPU Limit: Set to 2-3x request (or remove limit entirely for burstable workloads)
- Memory Request: Set to p95 actual usage + 20% headroom
- Memory Limit: Set to 1.2-1.5x request (memory can't be throttled, only OOMKilled)
Example: Before and after right-sizing
# BEFORE: Massively over-provisioned (common anti-pattern)
resources:
requests:
cpu: "4000m" # Requested 4 CPUs
memory: "8Gi" # Requested 8 GiB
limits:
cpu: "4000m"
memory: "8Gi"
# Actual usage: 500m CPU, 1.2Gi memory (87.5% waste!)
# Monthly cost: $240/pod
# Performance: Scheduling difficulties due to large requests
# AFTER: Right-sized based on actual usage
resources:
requests:
cpu: "600m" # Based on p95 usage + headroom
memory: "1.5Gi" # Based on p95 usage + 20%
limits:
cpu: "2000m" # Allow bursting to 2 CPUs
memory: "2Gi" # 1.3x request for safety
# Actual usage: Still 500m CPU, 1.2Gi memory (well-sized)
# Monthly cost: $35/pod (85% cost reduction!)
# Performance: Better scheduling, no throttling, same performance
CPU Throttling: The Hidden Performance Killer
One of the most common Kubernetes performance issues is CPU throttling that slows applications without obvious errors:
How CPU throttling works:
- Kubernetes uses Linux CFS (Completely Fair Scheduler) quotas to enforce CPU limits
- If container exceeds CPU limit, it's throttled (paused) for the remainder of the scheduling period
- Default period is 100ms—if you use your full quota in 50ms, you wait 50ms before running again
- Results in mysterious slowdowns, increased latency, timeouts
Detecting CPU throttling:
# Throttling rate (throttled time / running time)
rate(container_cpu_cfs_throttled_seconds_total[5m]) /
rate(container_cpu_cfs_periods_total[5m])
# Number of throttling events per second
rate(container_cpu_cfs_throttled_periods_total[5m])
# Alert on significant throttling
rate(container_cpu_cfs_throttled_seconds_total[5m]) > 0.25 # 25% throttling
Solutions for CPU throttling:
- Increase CPU limit: Most straightforward if throttling is frequent
- Remove CPU limit entirely: For workloads that need burst capacity (controversial but effective)
- Optimize application CPU usage: Profile and reduce actual CPU consumption
- Use CPU Manager static policy: Pin exclusive CPU cores to containers (advanced)
# Option 1: Increase CPU limit
resources:
requests:
cpu: "500m"
limits:
cpu: "2000m" # Increased from 1000m to reduce throttling
# Option 2: Remove CPU limit (allow unlimited bursting)
resources:
requests:
cpu: "500m"
# limits: cpu omitted - no throttling, can use all available CPU
# Option 3: Guaranteed CPU with CPU Manager (requires node configuration)
resources:
requests:
cpu: "2" # Whole number
limits:
cpu: "2" # Equal to request for Guaranteed QoS
# Plus pod annotation:
metadata:
annotations:
cpu-manager.alpha.kubernetes.io/policy: "static"
Container Image Optimization: Faster Startup, Lower Overhead
Multi-Stage Builds: Reduce Image Size by 10-50x
Large container images increase pod startup time, storage costs, and network transfer times. Multi-stage builds produce minimal production images:
Anti-pattern: Single-stage build with everything included
# BAD: Includes build tools, source code, caches in final image
FROM golang:1.21
WORKDIR /app
COPY . .
RUN go build -o myapp
CMD ["./myapp"]
# Result: 1.2GB image (includes Go compiler, modules cache, source code)
Best practice: Multi-stage build with minimal runtime image
# Stage 1: Build
FROM golang:1.21 AS builder
WORKDIR /app
COPY go.mod go.sum ./
RUN go mod download
COPY . .
RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o myapp .
# Stage 2: Runtime (only compiled binary)
FROM alpine:3.19
RUN apk --no-cache add ca-certificates
WORKDIR /root/
COPY --from=builder /app/myapp .
CMD ["./myapp"]
# Result: 15MB image (94% reduction!)
# Startup time: 2s → 0.5s
# Security: Minimal attack surface
Further optimization: Use distroless base images
# Distroless: No shell, package manager, or unnecessary tools
FROM golang:1.21 AS builder
WORKDIR /app
COPY . .
RUN CGO_ENABLED=0 go build -o myapp .
FROM gcr.io/distroless/static:nonroot
COPY --from=builder /app/myapp /
USER nonroot:nonroot
ENTRYPOINT ["/myapp"]
# Result: 5MB image (even smaller and more secure)
Layer Caching: Optimize Build Times
Docker caches image layers—structure your Dockerfile to maximize cache hits:
Anti-pattern: Invalidate cache on every code change
# BAD: COPY . invalidates cache whenever any file changes
FROM node:20
WORKDIR /app
COPY . . # This line invalidates cache on every code change
RUN npm install # npm install reruns every build even if dependencies unchanged
CMD ["npm", "start"]
# Build time: 5 minutes on every code change
Best practice: Copy dependencies first, code last
# GOOD: Only rebuild when dependencies change
FROM node:20
WORKDIR /app
# Copy dependency files first (changes infrequently)
COPY package.json package-lock.json ./
RUN npm ci --only=production # Cached unless dependencies change
# Copy application code last (changes frequently)
COPY . .
CMD ["npm", "start"]
# Build time: 30 seconds (5 minutes if dependencies changed)
Image Scanning and Vulnerability Management
Performance optimization shouldn't compromise security. Scan images for vulnerabilities:
# Scan image with Trivy
trivy image --severity HIGH,CRITICAL myapp:latest
# Example output showing vulnerabilities:
# myapp:latest (alpine 3.15.0)
# Total: 23 (HIGH: 15, CRITICAL: 8)
#
# CVE-2022-1271 - HIGH - gzip 1.10-r0
# CVE-2022-37434 - CRITICAL - zlib 1.2.11-r3
# Fix by updating base image:
FROM alpine:3.19 # Updated version with patches
Kubernetes Networking Performance Optimization
Service Mesh Overhead: Istio, Linkerd Performance Impact
Service meshes provide powerful features (mTLS, observability, traffic management) but add latency and CPU overhead:
Typical service mesh overhead:
- Latency impact: +2-5ms per request (sidecar proxy processing)
- CPU overhead: 10-30% additional CPU per pod (Envoy sidecar)
- Memory overhead: 50-150MB per pod (sidecar memory)
- Network bandwidth: Metrics and telemetry increase network usage
Optimizing Istio/Envoy performance:
# Tune Envoy proxy resource limits
apiVersion: v1
kind: ConfigMap
metadata:
name: istio-sidecar-injector
namespace: istio-system
data:
values: |
global:
proxy:
resources:
requests:
cpu: 50m # Reduced from default 100m
memory: 128Mi
limits:
cpu: 500m
memory: 256Mi
# Reduce telemetry overhead
telemetry:
v2:
enabled: true
prometheus:
enabled: true
stackdriver:
enabled: false # Disable if not needed
# Optimize connection pool
trafficManagement:
outboundTrafficPolicy:
mode: REGISTRY_ONLY # Only proxy registered services
When to skip service mesh for performance:
- Ultra-low latency requirements: <5ms p99 targets where 2-5ms overhead is unacceptable
- High-throughput internal services: Internal microservice communication not requiring mTLS
- CPU-constrained workloads: Where 10-30% overhead is too expensive
Alternative: Sidecarless service mesh (Cilium, eBPF-based):
- Lower overhead than sidecar-based meshes
- Latency impact: <1ms (kernel-level processing)
- No per-pod sidecar resource consumption
DNS Performance and CoreDNS Tuning
DNS lookups are a common bottleneck in Kubernetes networking:
Problem: DNS query storms
- By default, every HTTP request may trigger DNS lookup
- High-throughput services can generate 10,000+ DNS queries per second
- CoreDNS becomes bottleneck causing request failures and timeouts
Solution 1: Enable DNS caching in application
// Go: Configure HTTP client with custom resolver caching
resolver := &net.Resolver{
PreferGo: true,
Dial: func(ctx context.Context, network, address string) (net.Conn, error) {
d := net.Dialer{
Timeout: 5 * time.Second,
}
return d.DialContext(ctx, "udp", "10.96.0.10:53") // CoreDNS IP
},
}
transport := &http.Transport{
DialContext: (&net.Dialer{
Timeout: 5 * time.Second,
KeepAlive: 30 * time.Second,
Resolver: resolver,
}).DialContext,
MaxIdleConns: 100,
MaxIdleConnsPerHost: 100,
IdleConnTimeout: 90 * time.Second,
}
client := &http.Client{
Transport: transport,
Timeout: 10 * time.Second,
}
Solution 2: Configure CoreDNS caching and scaling
# Increase CoreDNS cache size and TTL
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system
data:
Corefile: |
.:53 {
errors
health {
lameduck 5s
}
ready
kubernetes cluster.local in-addr.arpa ip6.arpa {
pods insecure
fallthrough in-addr.arpa ip6.arpa
ttl 30
}
prometheus :9153
forward . /etc/resolv.conf {
max_concurrent 1000
}
cache 60 { # Cache for 60 seconds (increased from default 30)
success 10000 # Cache up to 10k successful responses
denial 5000 # Cache up to 5k NXDOMAIN responses
}
loop
reload
loadbalance round_robin
}
---
# Scale CoreDNS replicas based on cluster size
apiVersion: apps/v1
kind: Deployment
metadata:
name: coredns
namespace: kube-system
spec:
replicas: 5 # Increased from default 2 for large clusters
# Enable autoscaling
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: coredns
namespace: kube-system
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: coredns
minReplicas: 3
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 70
Solution 3: Use ndots optimization to reduce lookups
# Configure pod DNS policy to reduce unnecessary lookups
apiVersion: v1
kind: Pod
metadata:
name: app
spec:
dnsConfig:
options:
- name: ndots
value: "1" # Reduced from default 5
- name: timeout
value: "2"
- name: attempts
value: "2"
containers:
- name: app
image: myapp:latest
# With ndots=1, "service.namespace.svc.cluster.local" is queried directly
# instead of trying "service.namespace.svc.cluster.local.default.svc.cluster.local" first
Connection Pooling and Keep-Alive
Establishing new TCP connections is expensive—reuse connections with pooling:
Problem: Creating new connections for every request
- TCP handshake: 1-2ms latency overhead per request
- TLS handshake: 5-10ms additional overhead for HTTPS
- High connection churn: Overwhelms connection tracking (conntrack table)
Solution: Configure connection pooling in HTTP clients
// Go: Optimized HTTP client with connection pooling
transport := &http.Transport{
MaxIdleConns: 1000, // Total idle connections
MaxIdleConnsPerHost: 100, // Idle connections per host
MaxConnsPerHost: 100, // Max connections per host
IdleConnTimeout: 90 * time.Second,
DisableKeepAlives: false, // Enable keep-alive
// Enable HTTP/2
ForceAttemptHTTP2: true,
// Tune timeouts
DialContext: (&net.Dialer{
Timeout: 5 * time.Second,
KeepAlive: 30 * time.Second,
}).DialContext,
TLSHandshakeTimeout: 5 * time.Second,
ResponseHeaderTimeout: 10 * time.Second,
}
client := &http.Client{
Transport: transport,
Timeout: 30 * time.Second,
}
// Java: Apache HttpClient with connection pooling
PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager();
cm.setMaxTotal(1000); // Total connections
cm.setDefaultMaxPerRoute(100); // Connections per route
RequestConfig requestConfig = RequestConfig.custom()
.setConnectTimeout(5000)
.setSocketTimeout(30000)
.setConnectionRequestTimeout(5000)
.build();
CloseableHttpClient httpClient = HttpClients.custom()
.setConnectionManager(cm)
.setDefaultRequestConfig(requestConfig)
.setKeepAliveStrategy((response, context) -> 60000) // 60s keep-alive
.build();
Storage Performance Optimization
Storage Class Selection for Workload Types
Different storage classes have dramatically different performance characteristics:
AWS EBS Storage Classes:
- gp3 (General Purpose SSD): 3000 IOPS, 125MB/s baseline, cost-effective for most workloads
- io2 (Provisioned IOPS SSD): Up to 64,000 IOPS, 1000MB/s, for I/O-intensive databases
- st1 (Throughput Optimized HDD): 500MB/s throughput, low IOPS, for log processing
GCP Persistent Disk Classes:
- pd-standard (HDD): 0.75-1.5 IOPS per GB, low cost for infrequent access
- pd-balanced (SSD): 6 IOPS per GB, balanced performance/cost
- pd-ssd (SSD): 30 IOPS per GB, high-performance workloads
Azure Disk Classes:
- Standard HDD: 500 IOPS, low cost archival storage
- Standard SSD: 500 IOPS, general-purpose
- Premium SSD: 5000+ IOPS, latency-sensitive production databases
- Ultra Disk: 160,000 IOPS, sub-millisecond latency for extreme performance
Example storage class definitions:
# AWS: General-purpose gp3 for most workloads
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: gp3-standard
provisioner: ebs.csi.aws.com
parameters:
type: gp3
iops: "3000"
throughput: "125"
volumeBindingMode: WaitForFirstConsumer
allowVolumeExpansion: true
---
# AWS: High-performance io2 for databases
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: io2-database
provisioner: ebs.csi.aws.com
parameters:
type: io2
iops: "10000"
throughput: "500"
volumeBindingMode: WaitForFirstConsumer
allowVolumeExpansion: true
---
# GCP: High-performance SSD
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: fast-ssd
provisioner: pd.csi.storage.gke.io
parameters:
type: pd-ssd
replication-type: regional-pd # Replicated across zones
volumeBindingMode: WaitForFirstConsumer
allowVolumeExpansion: true
Local Storage for Extreme Performance
For workloads requiring absolute maximum I/O performance, use local NVMe SSDs:
Local storage characteristics:
- Performance: 100,000+ IOPS, <0.1ms latency (10-100x faster than network storage)
- Limitation: Data lost if node fails (not replicated)
- Use cases: Caches, temporary processing, databases with replication (Cassandra, Kafka)
# Define local storage class
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: local-nvme
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
---
# Create PersistentVolume for each local disk
apiVersion: v1
kind: PersistentVolume
metadata:
name: local-pv-node1
spec:
capacity:
storage: 500Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Delete
storageClassName: local-nvme
local:
path: /mnt/nvme0n1
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- node1
---
# StatefulSet using local storage
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: cassandra
spec:
serviceName: cassandra
replicas: 3
selector:
matchLabels:
app: cassandra
template:
spec:
containers:
- name: cassandra
image: cassandra:4.1
volumeMounts:
- name: cassandra-data
mountPath: /var/lib/cassandra
volumeClaimTemplates:
- metadata:
name: cassandra-data
spec:
accessModes: ["ReadWriteOnce"]
storageClassName: local-nvme
resources:
requests:
storage: 500Gi
Database Performance Tuning on Kubernetes
PostgreSQL optimization on Kubernetes:
apiVersion: v1
kind: ConfigMap
metadata:
name: postgres-config
data:
postgresql.conf: |
# Memory settings (adjust based on pod resources)
shared_buffers = 4GB # 25% of pod memory
effective_cache_size = 12GB # 75% of pod memory
work_mem = 64MB
maintenance_work_mem = 1GB
# Checkpoint settings
checkpoint_completion_target = 0.9
wal_buffers = 16MB
# Query tuning
random_page_cost = 1.1 # Lower for SSD storage
effective_io_concurrency = 200 # Higher for SSD
# Connection pooling (use PgBouncer externally)
max_connections = 100
# WAL settings for durability/performance balance
synchronous_commit = on
wal_compression = on
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: postgres
spec:
serviceName: postgres
replicas: 1
template:
spec:
containers:
- name: postgres
image: postgres:16
resources:
requests:
cpu: 2000m
memory: 16Gi
limits:
cpu: 4000m
memory: 16Gi
volumeMounts:
- name: postgres-data
mountPath: /var/lib/postgresql/data
- name: postgres-config
mountPath: /etc/postgresql
volumes:
- name: postgres-config
configMap:
name: postgres-config
volumeClaimTemplates:
- metadata:
name: postgres-data
spec:
accessModes: ["ReadWriteOnce"]
storageClassName: io2-database # High-performance storage
resources:
requests:
storage: 500Gi
Cluster Control Plane Performance at Scale
etcd Performance and Tuning
etcd is the Kubernetes cluster's source of truth—performance issues cascade to the entire cluster:
Critical etcd metrics to monitor:
# etcd request latency (should be <10ms)
histogram_quantile(0.99, rate(etcd_request_duration_seconds_bucket[5m]))
# etcd disk fsync latency (should be <25ms)
histogram_quantile(0.99, rate(etcd_disk_wal_fsync_duration_seconds_bucket[5m]))
# etcd database size (should be <8GB ideally)
etcd_mvcc_db_total_size_in_bytes
# etcd leader changes (should be rare, indicates instability)
rate(etcd_server_leader_changes_seen_total[10m])
etcd performance optimization:
- Use dedicated high-performance storage: etcd requires low-latency fsync, use io2 or similar
- Separate etcd from other workloads: Run etcd on dedicated nodes if possible
- Defragment regularly: etcd accumulates fragmentation over time
- Tune snapshot and compaction: Balance history retention with performance
# Defragment etcd database
ETCDCTL_API=3 etcdctl defrag --cluster
# Compact etcd history (retain only last 1000 revisions)
ETCDCTL_API=3 etcdctl compact $(($(etcdctl endpoint status --write-out="json" | jq -r '.[] | .Status.header.revision') - 1000))
API Server Tuning for Large Clusters
Default API server settings don't scale to large clusters (1000+ nodes, 10,000+ pods):
# kube-apiserver flags for large clusters
apiVersion: v1
kind: Pod
metadata:
name: kube-apiserver
namespace: kube-system
spec:
containers:
- name: kube-apiserver
command:
- kube-apiserver
- --max-requests-inflight=3000 # Increased from default 400
- --max-mutating-requests-inflight=1000 # Increased from default 200
- --default-watch-cache-size=1000 # Increased from default 100
- --watch-cache-sizes=pods#10000,nodes#5000 # Per-resource cache sizes
- --enable-aggregator-routing=true
- --runtime-config=api/all=true
resources:
requests:
cpu: 4000m
memory: 8Gi
limits:
cpu: 8000m
memory: 16Gi
How Atmosly Automates Performance Optimization
Manual Kubernetes performance optimization requires deep expertise, continuous monitoring, extensive testing, and constant adjustment as workloads evolve. Atmosly automates this complexity through AI-powered analysis and recommendations:
Continuous Right-Sizing Engine
Atmosly continuously analyzes actual resource usage patterns and automatically recommends optimal resource configurations:
- Real-time usage analysis: Tracks actual CPU, memory, I/O patterns across all workloads
- Intelligent recommendations: Suggests optimal requests and limits based on p95 usage + appropriate headroom
- Cost-performance trade-offs: Shows exact cost savings and performance impact of each recommendation
- Automatic application: Can automatically apply recommendations during maintenance windows
- Anomaly detection: Identifies workloads with unusual resource patterns requiring investigation
Performance Bottleneck Detection
Atmosly automatically identifies common performance issues:
- CPU throttling detection: Identifies pods experiencing frequent throttling with impact analysis
- Memory pressure alerts: Warns before OOMKills occur with proactive scaling recommendations
- I/O bottleneck identification: Detects storage performance issues and suggests better storage classes
- Network latency analysis: Identifies DNS issues, service mesh overhead, and connection problems
- Database query analysis: Highlights slow queries and suggests optimization opportunities
AI-Powered Optimization Recommendations
Atmosly provides specific, actionable recommendations:
- Resource rightsizing: "Reduce frontend-deployment CPU request from 2000m to 600m to save $3,200/month"
- Storage optimization: "Switch database PVC from io2 to gp3, sufficient for current IOPS requirements, save $800/month"
- Image optimization: "Container image is 1.2GB, recommend multi-stage build to reduce to ~50MB for 30s faster startup"
- Autoscaling configuration: "Enable HPA with target 70% CPU to handle traffic spikes more efficiently"
Integrated Performance Testing
Atmosly helps validate optimizations before production:
- What-if analysis: Preview performance and cost impact of configuration changes
- Automated load testing: Generate realistic traffic to validate autoscaling and resource configs
- Rollback safety: Automatically revert changes if performance degrades
- Progressive rollout: Apply optimizations to small percentage of pods first, expand gradually
Learn more about how Atmosly can optimize your Kubernetes performance at atmosly.com
Performance Optimization Checklist
Use this checklist to systematically optimize Kubernetes performance:
Application-Level Optimizations
- ✓ Profiled application under load: Identified CPU and memory hotspots
- ✓ Optimized hot code paths: Reduced CPU consumption in most-used functions
- ✓ Implemented caching: Redis, Memcached, or in-memory caching for frequently accessed data
- ✓ Connection pooling configured: HTTP clients, database clients reuse connections
- ✓ Database queries optimized: Added indexes, eliminated N+1 queries, used query caching
- ✓ Asynchronous processing: Moved slow operations to background jobs/queues
Container and Image Optimizations
- ✓ Multi-stage builds implemented: Minimal production images without build tools
- ✓ Base images optimized: Using Alpine or distroless instead of full OS images
- ✓ Layer caching optimized: Dockerfile structured to maximize cache hits
- ✓ Image scanning: No HIGH or CRITICAL vulnerabilities in production images
- ✓ Image size reduced: <100MB for most application images
Resource Configuration Optimizations
- ✓ Resources right-sized: Requests match p95 actual usage + headroom
- ✓ CPU throttling minimized: No frequent throttling in production workloads
- ✓ Memory limits appropriate: Sufficient headroom to avoid OOMKills
- ✓ QoS classes assigned: Critical services use Guaranteed QoS
- ✓ Autoscaling configured: HPA enabled for variable-load services
Networking Optimizations
- ✓ DNS caching enabled: Applications cache DNS lookups appropriately
- ✓ CoreDNS scaled: Sufficient replicas for cluster size and query volume
- ✓ Connection keep-alive: HTTP clients configured with connection pooling
- ✓ Service mesh evaluated: Overhead acceptable or sidecarless alternative considered
- ✓ Network policies optimized: Not causing unnecessary packet drops
Storage Optimizations
- ✓ Storage classes matched to workloads: High-IOPS for databases, throughput-optimized for logs
- ✓ Local storage considered: For extreme performance requirements with acceptable durability trade-offs
- ✓ Database tuned: Configuration matches pod resources and workload patterns
- ✓ Volume provisioning optimized: Using WaitForFirstConsumer for topology-aware scheduling
Monitoring and Continuous Improvement
- ✓ Comprehensive monitoring: Application and infrastructure metrics collected
- ✓ Performance dashboards: Real-time visibility into latency, throughput, errors, saturation
- ✓ Alerting configured: Notified of performance degradation before customer impact
- ✓ Regular performance reviews: Monthly analysis of optimization opportunities
- ✓ Cost tracking: Monitoring optimization impact on infrastructure costs
Conclusion: Continuous Performance Optimization
Kubernetes performance optimization is not a one-time project but an ongoing discipline of measurement, analysis, optimization, and validation. By systematically applying the strategies covered in this guide—right-sizing resources, optimizing container images, tuning networking and storage, configuring autoscaling, and continuously monitoring performance—you can achieve 3-5x better efficiency, handle dramatically higher load on the same infrastructure, reduce costs by 40-60%, and deliver consistently excellent user experiences.
The key principles to remember:
- Measure before optimizing: Profile to identify actual bottlenecks, not assumed bottlenecks
- Optimize iteratively: Make one change at a time, measure impact, iterate
- Right-size resources: The biggest performance gains come from eliminating waste and throttling
- Test thoroughly: Validate optimizations under realistic load before production deployment
- Monitor continuously: Performance regresses over time as applications evolve—stay vigilant
Modern platforms like Atmosly eliminate much of the manual effort and expertise required for Kubernetes performance optimization through AI-powered analysis, automatic bottleneck detection, intelligent recommendations with cost-performance trade-offs, and continuous right-sizing that adapts to changing workload patterns—enabling teams to achieve optimal performance in hours rather than months of manual optimization.
Ready to optimize your Kubernetes performance? Start with the basics (measure current performance, right-size resources, optimize images), apply best practices systematically, and leverage modern platforms that automate the complexity so you can focus on building products rather than perpetually tuning infrastructure.