Trade-Offs in Kubernetes Security and Energy Consumption

As the threat landscape advances and pressure to reduce the energy footprint grows, it is crucial to understand how security mechanisms affect the power consumption of cloud-native platforms. Although several studies in this domain have investigated the performance impact of security practices or the energy characteristics of containerized applications, their combined effect remains largely underexplored. This study examines how common Kubernetes (K8s) safeguards influence cluster energy use across varying security configurations and workload conditions. By employing runtime and network monitoring, encryption, and vulnerability-scanning tools under diverse workloads (idle, stressed, realistic application), we compare the baseline system behavior against the energy consumption introduced by each security configuration. Our findings reveal that always-on security mechanisms impose a persistent baseline energy cost—occasionally making an idle protected cluster comparable to a heavily loaded unprotected one, while security under load results in substantial incremental overhead. In particular, service meshes and full-tunnel encryption show the largest sustained overhead, while eBPF telemetry, network security monitoring, and vulnerability scans add modest or short-lived costs. These findings provide useful security-energy insights and trade-offs for configuring K8s in resource-constrained settings, including IoT/smart city deployments.