Terraform
Workload Policies
Configure workload rightsizing policies and attach them to clusters with Terraform.
Workload Policies
devzero_workload_policy defines how workloads should be rightsized -- CPU and memory vertical scaling, horizontal scaling, and the triggers that activate them. devzero_workload_policy_target attaches a policy to one or more clusters with optional namespace, kind, and workload filters.
WorkloadPolicy
Example
resource "devzero_workload_policy" "cost_saving" {
name = "cost-saving-policy"
description = "Aggressively rightsize non-critical workloads"
action_triggers = ["on_detection"]
detection_triggers = ["pod_creation", "pod_update"]
cpu_vertical_scaling {
enabled = true
target_percentile = 0.95
min_request = 50
max_request = 4000
overhead_multiplier = 1.1
limits_adjustment_enabled = true
}
memory_vertical_scaling {
enabled = true
target_percentile = 0.95
min_request = 64
max_request = 8192
overhead_multiplier = 1.15
limits_adjustment_enabled = true
}
}Arguments
| Parameter | Type | Required | Description |
|---|---|---|---|
name | string | Yes | Unique name for the policy |
description | string | No | Human-readable description |
action_triggers | list(string) | No | When to act: "on_detection", "on_schedule" |
cron_schedule | string | No | 5-field cron expression (used with "on_schedule" trigger) |
detection_triggers | list(string) | No | What triggers detection: "pod_creation", "pod_update" |
loopback_period_seconds | number | No | Historical data window in seconds |
startup_period_seconds | number | No | Grace period after pod starts before scaling |
cooldown_minutes | number | No | Minimum wait time between scaling applications |
live_migration_enabled | bool | No | Enable live migration of workloads |
scheduler_plugins | list(string) | No | Scheduler plugins to use (e.g. ["dz-scheduler"]) |
defragmentation_schedule | string | No | Cron expression for background optimization |
min_change_percent | number | No | Minimum resource change to trigger scaling |
drift_delta_percent | number | No | Allowed drift before re-evaluation |
stability_cv_max | number | No | Maximum coefficient of variation for stability |
cpu_vertical_scaling | block | No | CPU vertical scaling configuration (see below) |
memory_vertical_scaling | block | No | Memory vertical scaling configuration (see below) |
gpu_vertical_scaling | block | No | GPU vertical scaling configuration (see below) |
gpu_vram_vertical_scaling | block | No | GPU VRAM vertical scaling configuration (see below) |
horizontal_scaling | block | No | Horizontal scaling configuration (see below) |
Vertical Scaling Block
Used by cpu_vertical_scaling, memory_vertical_scaling, gpu_vertical_scaling, and gpu_vram_vertical_scaling.
| Parameter | Type | Required | Description |
|---|---|---|---|
enabled | bool | Yes | Whether vertical scaling is active |
target_percentile | float | No | Usage percentile to target (e.g. 0.95) |
min_request | number | No | Minimum request value (millicores for CPU, MiB for memory) |
max_request | number | No | Maximum request value |
overhead_multiplier | float | No | Safety margin multiplier applied to recommendations |
limits_adjustment_enabled | bool | No | Whether to adjust limits alongside requests |
Horizontal Scaling Block
| Parameter | Type | Required | Description |
|---|---|---|---|
enabled | bool | Yes | Whether horizontal scaling is active |
min_replicas | number | No | Minimum number of replicas |
max_replicas | number | No | Maximum number of replicas |
overhead_multiplier | float | No | Safety margin multiplier applied to recommendations |
limits_adjustment_enabled | bool | No | Whether to adjust limits alongside requests |
WorkloadPolicyTarget
devzero_workload_policy_target attaches a devzero_workload_policy to one or more clusters. You can optionally filter by workload kind, namespace, and name patterns.
Example
resource "devzero_workload_policy_target" "production" {
name = "production-target"
policy_id = devzero_workload_policy.cost_saving.id
cluster_ids = [devzero_cluster.production.id]
kind_filter = ["Deployment", "StatefulSet"]
enabled = true
}Arguments
| Parameter | Type | Required | Description |
|---|---|---|---|
name | string | Yes | Unique name for the target |
policy_id | string | Yes | ID of the devzero_workload_policy to attach |
cluster_ids | list(string) | Yes | List of cluster IDs to apply the policy to |
description | string | No | Human-readable description |
enabled | bool | No | Whether the target is active (default: true) |
priority | number | No | Priority when multiple targets match a workload |
workload_names | list(string) | No | Specific workload names to match |
node_group_names | list(string) | No | Node groups to scope the policy to |
kind_filter | list(string) | No | Workload kinds to include (see below) |
name_pattern | block | No | Regex-based name matching (pattern, flags) |
namespace_selector | block | No | Label selector for namespaces (match_labels, match_expressions) |
workload_selector | block | No | Label selector for workloads (match_labels, match_expressions) |
Supported kind filter values: Pod, Deployment, StatefulSet, DaemonSet, Job, CronJob, ReplicaSet, ReplicationController, Rollout
name_pattern Block
| Parameter | Type | Description |
|---|---|---|
pattern | string | Regular expression to match workload names |
flags | string | Regex flags: "i" (case-insensitive), "m" (multiline) |
namespace_selector / workload_selector Block
| Parameter | Type | Description |
|---|---|---|
match_labels | map(string) | Key-value pairs that must all match |
match_expressions | list(block) | Label selector expressions (key, operator, values) |