Terraform
Workload Policies Configure workload rightsizing policies and attach them to clusters with Terraform.
devzero_workload_policy defines how workloads should be rightsized — CPU and memory vertical scaling, horizontal scaling, and the triggers that activate them. devzero_workload_policy_target attaches a policy to one or more clusters with optional namespace, kind, and workload filters.
resource "devzero_workload_policy" "cost_saving" { name = "cost-saving-policy" description = "Rightsize non-critical workloads" action_triggers = [ "on_detection" , "on_schedule" ] cron_schedule = "*/15 * * * *" detection_triggers = [ "pod_creation" , "pod_update" , "pod_evict" ] loopback_period_seconds = 86400 cooldown_minutes = 300 min_data_points = 20 min_change_percent = 0.2 cpu_vertical_scaling = { enabled = true target_percentile = 0.75 min_request = 25 max_scale_up_percent = 1000 max_scale_down_percent = 1 min_data_points = 20 adjust_req_even_if_not_set = true limits_removal_enabled = true } memory_vertical_scaling = { enabled = true target_percentile = 1 min_request = 134217728 max_scale_up_percent = 1000 max_scale_down_percent = 1 overhead_multiplier = 0.3 limits_adjustment_enabled = true limit_multiplier = 1 min_data_points = 20 adjust_req_even_if_not_set = true limits_removal_enabled = false } enable_pmax_protection = true pmax_ratio_threshold = 3 } Parameter Type Description namestring Human-friendly name for the policy
Parameter Type Description descriptionstring Free-form description action_triggerslist(string) When to act: "on_detection", "on_schedule" cron_schedulestring 5-field cron expression — required when "on_schedule" is set detection_triggerslist(string) What triggers detection: "pod_creation", "pod_update", "pod_evict" loopback_period_secondsnumber Historical data window in seconds startup_period_secondsnumber Grace period after pod starts before scaling cooldown_minutesnumber Minimum wait time between scaling applications min_data_pointsnumber Global minimum data points required before any recommendation min_change_percentnumber Global minimum change threshold for applying recommendations min_vpa_window_data_pointsnumber Minimum data points in VPA analysis window drift_delta_percentnumber Percentage drift from baseline that triggers VPA refresh stability_cv_maxnumber Maximum coefficient of variation to consider stable hysteresis_vs_targetnumber Hysteresis threshold vs target for HPA coordination live_migration_enabledbool Allow live migration when applying recommendations scheduler_pluginslist(string) Kubernetes scheduler plugins to activate defragmentation_schedulestring Cron expression for background defragmentation enable_pmax_protectionbool Raise requests to cover observed peak usage when peak-to-recommendation ratio exceeds pmax_ratio_threshold (default: false) pmax_ratio_thresholdnumber Peak-to-recommendation ratio that activates pmax protection (default: 3.0) cpu_vertical_scalingobject CPU vertical scaling configuration (see Vertical Scaling ) memory_vertical_scalingobject Memory vertical scaling configuration (see Vertical Scaling ) gpu_vertical_scalingobject GPU vertical scaling configuration (see Vertical Scaling ) gpu_vram_vertical_scalingobject GPU VRAM vertical scaling configuration (see Vertical Scaling ) horizontal_scalingobject Horizontal scaling configuration (see Horizontal Scaling )
Attribute Type Description idstring Unique identifier of the workload policy
Used by cpu_vertical_scaling, memory_vertical_scaling, gpu_vertical_scaling, and gpu_vram_vertical_scaling.
Parameter Type Description enabledbool Enable or disable vertical scaling for this resource target_percentilenumber Usage percentile to target (e.g. 0.75 for P75, 1 for P100) min_requestnumber Lower bound for resource requests (millicores for CPU, bytes for memory) max_requestnumber Upper bound for resource requests overhead_multipliernumber Extra headroom added to recommendations as a fraction (e.g. 0.3 for 30%) limit_multipliernumber How much higher limits should be vs requests (e.g. 2.0 = 2× the request) limits_adjustment_enabledbool Adjust container limits as well as requests limits_removal_enabledbool Remove resource limits from workloads (CPU only — memory limits removal is not supported) max_scale_up_percentnumber Maximum percent to scale up in one step max_scale_down_percentnumber Maximum percent to scale down in one step min_data_pointsnumber Minimum data points required before a recommendation adjust_req_even_if_not_setbool Suggest resource requests even if the workload currently has none set (default: false)
Parameter Type Description enabledbool Enable horizontal scaling min_replicasnumber Minimum number of replicas max_replicasnumber Maximum number of replicas primary_metricstring Primary metric for HPA decisions target_utilizationnumber Target utilization for primary metric (0.0–1.0) max_replica_change_percentnumber Maximum percent replica change in one step min_data_pointsnumber Minimum data points required for HPA decisions
terraform import devzero_workload_policy.example < workload_policy_i d > devzero_workload_policy_target attaches a devzero_workload_policy to one or more clusters. You can optionally filter by workload kind, namespace, and name patterns.
resource "devzero_workload_policy_target" "production" { name = "production-target" description = "Apply cost-saving policy to production deployments" policy_id = devzero_workload_policy . cost_saving . id cluster_ids = [devzero_cluster . production . id] priority = 1 enabled = true kind_filter = [ "Deployment" , "StatefulSet" ] namespace_pattern = { pattern = "^prod-" flags = "i" } workload_selector = { match_labels = { app = "my-service" } } } Parameter Type Required Description namestring Yes Human-friendly name for the target policy_idstring Yes ID of the devzero_workload_policy to attach cluster_idslist(string) Yes List of cluster IDs to apply the policy to descriptionstring No Free-form description enabledbool No Whether the target is active (default: true) prioritynumber No Evaluation priority when multiple targets overlap — higher values take precedence workload_nameslist(string) No Explicit list of workload names to include node_group_nameslist(string) No Restrict matching to specific node groups kind_filterlist(string) No Workload kinds to include (see below) name_patternobject No Regex-based workload name matching (pattern, flags) namespace_patternobject No Regex-based namespace name matching (pattern, flags) namespace_selectorobject No Label selector for namespaces (match_labels, match_expressions) workload_selectorobject No Label selector for workloads (match_labels, match_expressions)
Supported kind filter values: Pod, Deployment, StatefulSet, DaemonSet, Job, CronJob, ReplicaSet, ReplicationController, Rollout
Parameter Type Description patternstring Regular expression (RE2 syntax). Example: ^api-(staging|prod)-.*$ flagsstring Regex flags: "i" (case-insensitive), "m" (multi-line)
Parameter Type Description match_labelsmap(string) Exact label key/value pairs that must match match_expressionslist(object) Advanced label selector requirements
Each match_expressions entry:
Parameter Type Description keystring Label key to evaluate operatorstring In, NotIn, Exists, or DoesNotExistvalueslist(string) Values for In/NotIn; omit for Exists/DoesNotExist
Attribute Type Description idstring Unique identifier of the workload policy target
terraform import devzero_workload_policy_target.example < workload_policy_target_i d >