Prometheus is free. Kubernetes is free. PostgreSQL is free.
So why does running them cost millions?
The $0 license fee is the most expensive pricing in software—because it hides all the other costs. Understanding the true cost of “free” is essential for build vs buy decisions.
The $0 Illusion ¶
When evaluating software, companies compare:
Open source option: $0
Commercial option: $500K/year
Decision: "Obviously open source"
But the comparison is wrong. Here’s the real math:
Open source:
License: $0
2 Engineers to run it: $400K/year
Training: $30K
Incident costs: $50K/year
Opportunity cost: $200K/year
Total: $680K/year
Commercial:
License: $500K/year
0.25 Engineer to manage: $50K/year
Total: $550K/year
The “free” option costs $130K/year more.
The Hidden Costs ¶
1. People Costs ¶
Open source doesn’t manage itself. Someone needs to:
- Install and configure it
- Upgrade it regularly
- Monitor it
- Debug issues
- Scale it
- Secure it
That someone is expensive:
Senior infrastructure engineer: $200K/year fully loaded
Time spent on Prometheus: 50%
Annual cost: $100K
For a complex stack:
- Kubernetes: 1.5 FTE = $300K
- Prometheus: 0.5 FTE = $100K
- PostgreSQL: 0.5 FTE = $100K
- Kafka: 0.5 FTE = $100K
- Redis: 0.25 FTE = $50K
---------------
3.25 FTE = $650K/year
The software is free. The people aren’t.
2. Expertise Costs ¶
Open source requires deep expertise. Where does it come from?
Hiring: Specialists are expensive and hard to find
Generic engineer: $180K
Kubernetes specialist: $250K (+40%)
Kafka specialist: $260K (+45%)
Training: Existing engineers need training
Kubernetes training: $5K/person
Certification: $2K/person
Time away from work: 2 weeks ($8K)
Total per engineer: $15K
For a team of 5: $75K
Learning curve: Productivity loss while ramping
Engineer productivity during ramp-up:
Month 1-3: 50% (learning)
Month 4-6: 75% (gaining confidence)
Month 7+: 100% (proficient)
6 months of reduced productivity = 2.25 months of lost output
At $200K/year = $37K per engineer
3. Maintenance Costs ¶
Open source doesn’t stand still. You need to keep up:
Upgrades:
Major version upgrade:
Planning: 8 hours
Testing: 40 hours
Execution: 16 hours
Rollback prep: 8 hours
Documentation: 8 hours
Total: 80 hours = $8K per upgrade
4 major systems × 2 upgrades/year = $64K/year
Security patches:
Critical CVE response:
Assessment: 4 hours
Testing: 8 hours
Deployment: 4 hours
Total: 16 hours = $1.6K per patch
10 critical patches/year = $16K/year
Breaking changes:
API deprecation migration:
Discovery: 8 hours
Code changes: 40 hours
Testing: 24 hours
Total: 72 hours = $7.2K per migration
4. Incident Costs ¶
When open source breaks, you’re on your own:
Severity 1 incident:
4 engineers × 8 hours = 32 hours = $3.2K labor
Revenue impact: $50K (2 hours downtime)
Customer goodwill: Priceless
Total: $53K+ per incident
Without vendor support, incidents last longer:
With vendor support: MTTR 1 hour
Without support: MTTR 4 hours
3 extra hours of downtime × $25K/hour = $75K additional cost
5. Opportunity Cost ¶
Your best engineers are keeping the lights on instead of building product:
Senior engineer salary: $200K
Time on open source ops: 40%
Opportunity cost: $80K/year
What else could they build?
- Features that drive revenue
- Automation that improves efficiency
- Innovation that creates competitive advantage
This is the biggest hidden cost—and the hardest to see.
6. Risk Costs ¶
Open source carries risks that don’t appear until they materialize:
Project abandonment:
Maintainer burns out, project dies
Your options:
- Fork and maintain yourself (expensive)
- Migrate to alternative (expensive)
- Stay on dead version (risky)
Security vulnerabilities:
Log4j-style event:
Scramble to assess: 40 hours
Patch or mitigate: 80 hours
Audit: 40 hours
Total: 160 hours = $16K
Plus: Risk exposure while vulnerable
Compliance gaps:
Auditor: "Show me your SOC2 report for your database."
You: "It's open source, there is no SOC2 report."
Auditor: "Then show me how you've validated equivalent controls."
You: "..." (That's a 6-month project)
The TCO Framework ¶
Total Cost of Ownership for open source:
TCO = License + Hosting + People + Risk + Opportunity Cost
Where:
License: $0 (the part everyone sees)
Hosting: Cloud/hardware costs
People: Engineers to run it
Risk: Expected cost of incidents, security, abandonment
Opportunity: What else those engineers could do
Example: Running Your Own Kafka ¶
License: $0
Hosting:
3 brokers × $500/month $18K/year
Storage, networking $6K/year
People:
0.5 FTE to manage $100K/year
Training $10K (amortized)
Risk:
Expected incident cost $30K/year
Security exposure $10K/year
Opportunity:
0.5 FTE on product instead $100K/year
Total TCO: $274K/year
Compare: Managed Kafka (Confluent) ¶
License: $150K/year
Additional engineering: 0.1 FTE = $20K/year
Total TCO: $170K/year
The “free” option costs $100K/year more.
When Open Source Wins ¶
Open source isn’t always more expensive. It wins when:
High Volume ¶
Managed database: $0.10 per million queries
Your volume: 100B queries/month
Managed cost: $10M/month
Self-managed: $500K/month all-in
Winner: Open source by 20x
At massive scale, per-unit pricing kills you.
Strategic Control ¶
Some systems are core to your business:
"We need to modify the query planner for our workload"
"We need to integrate deeply with our custom tooling"
"We can't depend on a vendor for our core technology"
For strategic systems, the flexibility of open source is worth the cost.
Deep Expertise Already Exists ¶
Team has 3 Kafka experts already
Training cost: $0
Learning curve: 0
Incident MTTR: Same as vendor support
In this case, self-managed may be cheaper.
Long Time Horizon ¶
Year 1: Self-managed costs more (setup, learning)
Year 2: Roughly equal
Year 3+: Self-managed costs less (expertise amortized)
If you're committed for 5+ years, self-managed can win.
When Commercial Wins ¶
Small Teams ¶
Team size: 5 engineers
Systems to manage: K8s, Postgres, Redis, Kafka, Prometheus
Each system needs ~0.3 FTE to manage properly
Total: 1.5 FTE = 30% of your team
You can't afford to spend 30% of engineering on infrastructure.
Small teams should buy, not build.
Non-Core Systems ¶
"Is the logging system our competitive advantage?"
No.
"Will customers pay more because we run our own Elasticsearch?"
No.
"Does anyone care how we run our CI/CD?"
No.
Buy it. Focus on what matters.
Fast-Moving Domains ¶
Security tools: Threat landscape changes weekly
ML infrastructure: Best practices change monthly
Observability: New standards every year
You can't keep up. Pay someone whose job it is.
Time to Market Matters ¶
Build with open source: 6 months
Buy commercial: 2 weeks
4.5 months faster to market
Revenue opportunity: $500K
Cost of commercial: $100K
ROI: 400%
The Decision Framework ¶
Ask These Questions ¶
1. “Would I hire a full-time person to manage this?”
If yes: Consider commercial alternative
If no: Who's actually going to manage it?
2. “Is this core to our business?”
If yes: Open source may be worth the investment
If no: Why are we building it?
3. “What’s the cost of getting it wrong?”
High (revenue, security, compliance): Buy reliability
Low (internal tools, experiments): Open source is fine
4. “Do we have the expertise?”
If yes: Open source is viable
If no: Factor in hiring/training costs
5. “What’s our time horizon?”
< 2 years: Commercial (faster, less investment)
> 5 years: Open source (amortized costs)
The Hybrid Approach ¶
Most companies land on a hybrid:
Core systems: Self-managed (strategic value)
Commodity systems: Managed services (not worth the effort)
Experiments: Managed (speed)
Scale systems: Self-managed (cost)
Making the Case ¶
When presenting build vs buy decisions, show the full picture:
Bad presentation:
Option A (Open source): $0
Option B (Commercial): $500K
Recommendation: A
Good presentation:
Option A (Open source):
Year 1: $350K (setup + 0.5 FTE + training)
Year 2+: $250K/year (0.5 FTE + maintenance)
5-year: $1.35M
Option B (Commercial):
Year 1: $500K
Year 2+: $500K/year
5-year: $2.5M
Option C (Managed open source):
Year 1: $200K
Year 2+: $200K/year
5-year: $1M
Recommendation: C (lowest TCO, minimal operational burden)
Summary ¶
Open source is free like a puppy is free:
| What You See | What You Get |
|---|---|
| $0 license | + $X people costs |
| + $Y expertise costs | |
| + $Z maintenance costs | |
| + incident costs | |
| + opportunity costs | |
| + risk costs |
The total cost is often higher than commercial alternatives.
When evaluating open source:
| Factor | Open Source Wins | Commercial Wins |
|---|---|---|
| Volume | Very high scale | Low to medium |
| Expertise | Deep in-house | Limited |
| Core business | Yes | No |
| Time horizon | 5+ years | < 3 years |
| Team size | Large | Small |
| Time to market | Not critical | Critical |
The best decision isn’t always “free.” It’s the lowest total cost of ownership for your situation.
Don’t let a $0 price tag cost you millions.