This section describes how to apply and manage optimization policies from the cluster using YAML.
Policies are configured declaratively using Kubernetes Policy custom resources (CRs). A policy defines optimization behavior and how the policy selects workloads.
Policies select workloads using an appList selector, label selectors, or a policy annotation on the workload.
Each workload can be managed by at most one Pod rightsizing and one Replica optimization policy at a time. When multiple policies of the same type match the same workload, precedence rules determine which policy manages it.
If no policy manages a workload, optimization is not applied to it.
Workflow description
Use the following workflow to apply Pod rightsizing from the cluster:
No Policy resources?
If your cluster does not show Policy resources, rather APC and JPC resources, you are running an older version of the Insights agent. See ZZZ Deprecated Pod rightsizing topics.
Step 1. Select a policy
Kompass provides built-in policies, and you can also create custom policies.
Pod rightsizing policies
The following sections describe the Pod rightsizing policy parameters, built-in policy values, and Pod rightsizing-specific capabilities.
Pod rightsizing policy resource structure
Policy structure, sample, and parameter reference
Pod rightsizing behavior is configured through policy resources.
Each policy must include a complete set of configuration parameters. Policies do not inherit values from cluster-level defaults.
Pod rightsizing configuration sample
Values inside [ ] are user-specified placeholders.
New Sample
apiVersion: rightsizing.kompass.zesty.co/v1alpha1
kind: Policy
metadata:
# [string] Unique name identifier for this policy instance.
name: balanced
spec:
# [integer] Policy priority. If a workload matches multiple policies,
# the policy with the lower numeric value has higher priority.
priority: 0
# [string] Human-readable description explaining the operational
# target and behavior of this policy.
description: "Balances cost and stability for general workloads by using moderate buffers and stable recommendations."
# [array] Explicit list of workloads managed by this policy.
# Leave empty to select workloads using appSelector.
appList: []
# [object] Selects workloads managed by this policy based on workload
# labels and namespaces.
appSelector:
labels:
matchLabels: {}
matchExpressions: []
namespaces:
operator: Include
values: []
# [string] Period of historical workload metrics that Kompass uses to
# generate recommendations.
lookbackPeriod: "24h"
# [string] Minimum time between consecutive rightsizing changes to the
# same workload. Longer periods promote greater stability.
cooldownPeriod: "2h"
# [integer] Minimum percentage of the lookback period for which metrics
# must be available before Kompass generates a Pod rightsizing recommendation.
dataCoveragePercentage: 80
# CPU resource tuning and optimization settings.
cpu:
# [string] Specifies how CPU usage samples are aggregated over the
# lookback period when generating recommendations.
optimizationStrategy: "p95"
# [string] Specifies how CPU usage is aggregated across Pod replicas
# for each sample.
replicaAggregationMethod: "max"
# [integer] Percentage added to the recommended CPU request as a
# safety buffer.
bufferPercentage: 20
# [integer] Minimum percentage difference between the current and
# recommended CPU requests required for Kompass to apply a change.
minimumImpactPercentage: 10
# [string] Minimum increase in CPU request that Kompass can apply in
# a scale-up change.
minimumStepForScaleUp: 100m
# [string] Minimum CPU request that Kompass can set in a scale-down
# change.
minimumValueForScaleDown: 10m
# [boolean] Specifies whether CPU throttling events are ignored when
# evaluating rollback of a rightsizing change.
ignoreThrottlingEvent: false
# Memory resource tuning and optimization settings.
memory:
# [string] Specifies how memory usage samples are aggregated over the
# lookback period when generating recommendations.
optimizationStrategy: "p99"
# [string] Specifies how memory usage is aggregated across Pod replicas
# for each sample.
replicaAggregationMethod: "max"
# [integer] Percentage added to the recommended memory request as a
# safety buffer.
bufferPercentage: 30
# [integer] Minimum percentage difference between the current and
# recommended memory requests required for Kompass to apply a change.
minimumImpactPercentage: 10
# [string] Minimum increase in memory request that Kompass can apply
# in a scale-up change.
minimumStepForScaleUp: 256Mi
# [string] Minimum memory request that Kompass can set in a scale-down
# change.
minimumValueForScaleDown: 256Mi
# [boolean] Specifies whether out-of-memory events are ignored when
# evaluating rollback of a rightsizing change.
ignoreOomEvent: false
# [boolean] Specifies whether in-place resource updates are preferred
# when supported. In-place updates require Kubernetes 1.33 or later.
preferInPlace: true
# [boolean] Specifies whether to evict a Pod when an in-place rightsizing
# action results in Deferred status.
evictPodsInDeferredState: truePod rightsizing policy parameters reference
All parameters are validated when a policy is created or updated. Policies with missing or invalid parameters cannot be applied.
Parameter | Description | Value |
| Policy priority. If a workload matches multiple policies, the policy with the lower numeric value has higher priority. | Integer (priority values start at |
| Explicit list of workloads managed by this policy. | List of workload references |
| Label selector used to select workloads managed by this policy. | Label selector |
| Specifies whether the namespaces in |
|
| Namespaces to include in or exclude from workload selection. | List of strings |
| Period of historical workload metrics that Kompass uses to generate recommendations. | Duration, for example, |
| Minimum time between consecutive rightsizing changes to the same workload. Longer periods promote greater stability. | Duration, for example, |
| Minimum percentage of the lookback period for which metrics must be available before Kompass generates a Pod rightsizing recommendation. | Percentage (integer |
| Specifies how CPU usage samples are aggregated over the lookback period when generating recommendations. |
|
| Specifies how CPU usage is aggregated across Pod replicas for each sample. You can configure custom methods. For more information, see the “Define custom replica aggregation method values” section after this table. |
|
| Percentage added to the recommended CPU request as a safety buffer. | Percentage (integer |
| Minimum percentage difference between the current and recommended CPU requests required for Kompass to apply a change. Higher values increase stability but may reduce optimization effectiveness. | Percentage (integer |
| Minimum increase in CPU request that Kompass can apply in a scale-up change. | CPU quantity, for example, |
| Minimum CPU request that Kompass can set in a scale-down change. | CPU quantity, for example, |
| Specifies whether CPU throttling events are ignored when evaluating rollback of a rightsizing change. |
|
| Specifies how memory usage samples are aggregated over the lookback period when generating recommendations. |
|
| Specifies how memory usage is aggregated across Pod replicas for each sample. You can configure custom methods. For more information, see the “Define custom replica aggregation method values” section after this table. |
|
| Percentage added to the recommended memory request as a safety buffer. | Percentage (integer |
| Minimum percentage difference between the current and recommended memory requests required for Kompass to apply a change. Higher values increase stability but may reduce optimization effectiveness. | Percentage (integer |
| Minimum increase in memory request that Kompass can apply in a scale-up change. | Memory quantity, for example, |
| Minimum memory request that Kompass can set in a scale-down change. | Memory quantity, for example, |
| Specifies whether out-of-memory (OOM) events are ignored when evaluating rollback of a rightsizing change. |
|
| Specifies whether in-place resource updates are preferred when supported. In-place updates require Kubernetes |
|
| Specifies whether to evict a Pod when an in-place rightsizing action results in |
|
| Value by which the CPU request is multiplied during the startup boost. Note: this parameter is not part of a built-in policy. Add it for Startup boost, as described in Startup boost. | Decimal, minimum value: |
| Length of time the startup boost is applied after a Pod is created or a container is restarted. | Duration, for example, |
| Value by which the memory request is multiplied during the startup boost. | Decimal, minimum value: |
Define custom replica aggregation method values
You can define custom values for the CPU and memory replica aggregation method. This can be useful if the fixed values are overly aggressive.
To define custom aggregation method figures, you define values for custom1 and custom2 in Helm values.yaml, then define the value in the policy configuration as custom value 1 or custom value 2.
To define custom values:
Add the custom definition to Helm values.yaml:
rightsizing: config: customReplicaAggregationMethods: cpu: custom1: 70 custom2: 71 memory: custom1: 80 custom2: 81Note that both CPU and memory are in the same section.
In the policy on the cluster, change the value to the desired value.
For example, to set the memory value to 80, change the value in the policy
spec.memory.replicaAggregationMethodtocustom value 1.
Built-in Pod rightsizing policy fixed parameter values
Built-in policy fixed parameter values
The following table shows the fixed parameter values in the Pod rightsizing built-in policies:
Parameter hierarchy | Balanced | Stability-focused | Cost-focused |
| |||
| 2h | 2h | 2h |
| |||
| 20 | 30 | 5 |
| false | false | false |
| 10 | 10 | 0 |
| 100m | 100m | 100m |
| 10m | 10m | 10m |
| p95 | max | p85 |
| max | max | p85 |
| 80 | 90 | 50 |
| true | true | true |
| 24h | 24h | 12h |
| |||
| 30 | 40 | 10 |
| false | false | false |
| 10 | 10 | 0 |
| 256Mi | 256Mi | 64Mi |
| 256Mi | 256Mi | 64Mi |
| p99 | max | p95 |
| max | max | p95 |
| true | true | true |
| 0 | 1 | 2 |
You cannot delete or change built-in policies parameters.
To create a custom policy, see the “Create a custom policy” section in this article.
Pod rightsizing policy advanced capabilities
To have full control of policy parameters, you can create a custom policy. With custom policies you can also take advantage of the following:
Boost startup resources to temporarily increase resources during Pod initialization.
Select whether to right-size only CPU or only memory resources, not both.
Advanced capabilities
Boost startup resources
Some workloads require higher CPU or memory during initialization than during normal operation. To accommodate this, you would need to manually assign extra resources for startup (to prevent OOM or throttling) and then to reduce those assignments for ongoing operation.
With Pod rightsizing and Startup boost, you can temporarily increase CPU and memory resources for new Pods during initialization. After a configured duration, the resources automatically revert to initial values and then Pod rightsizing is applied.
With Startup boost:
Startup-related spikes are excluded from the steady state recommendation logic.
Steady-state requests are aligned with actual runtime usage.
You apply Startup boost to a workload by adding startupBoost to a custom Pod rightsizing policy that manages the workload.
spec:
startupBoost:
duration: 5m
cpu:
multiplier: 1.5
memory:
multiplier: 3Startup boost limitations and considerations
Applies to all containers in a Pod.
Requires in-place Pod mutation support.
Cannot be used if
preferInPlace: falseIf a Pod needs to be evicted to a different node due to insufficient node capacity, it will be evicted even if the policy includes:
spec.evictPodsInDeferredState = false
For more information about creating custom policies, see the “Create a custom policy” section in this article.
Selective Pod rightsizing
There may be cases where you want to manually manage workload memory resources while allowing Pod rightsizing to manage CPU resources, or vice versa.
For example, you may want separate control for memory-critical or CPU-critical applications (such as Java applications), or for testing purposes.
With Selective Pod rightsizing, you can apply Pod rightsizing to only one resource while manually managing the other resource.
To use Selective Pod rightsizing, create a custom policy and remove the entire configuration block for the resource that you want to manage manually.
For example, to apply Pod rightsizing only to CPU resources, remove the entire memory section from the policy:
memory:
bufferPercentage: 40
ignoreOomEvent: false
minimumImpactPercentage: 10
minimumStepForScaleUp: 256Mi
minimumValueForScaleDown: 256Mi
optimizationStrategy: max
replicaAggregationMethod: max Replica optimization policies
The following sections describe the Replica optimization policy parameters and built-in policy values.
Replica optimization policy resource structure
The Replica optimization policy is dependent on the Pod rightsizing policy.
Policy dependency, structure, sample, and parameter reference
Replica optimization behavior is configured through policy resources.
Each policy must include a complete set of configuration parameters. Policies do not inherit values from cluster-level defaults.
Replica optimization can be applied only to workloads that are already managed by a Pod rightsizing policy.
If a Replica optimization policy matches a workload that is not managed by a Pod rightsizing policy, the Replica optimization policy is not applied to that workload. The policy remains valid and no validation error is generated.
When a workload is managed by both a Pod rightsizing policy and a Replica optimization policy, the workload operates in MDA mode.
Replica optimization configuration sample
Values inside [ ] are user-specified placeholders.
This sample is for the Balanced, built-in policy.
apiVersion: horizontalscaling.kompass.zesty.co/v1alpha1
kind: Policy
metadata:
name: balanced
spec:
# Replica optimization does not reduce minimum replicas below this value.
absoluteMinimumReplicas: 2
appSelector:
labels: {}
namespaces:
operator: Include
values: []
description: Balanced setup with stable recommendations for production environments.
# Lower values have higher priority.
priority: 0Replica optimization policy parameters reference
All parameters are validated when the policy is created or updated.
Parameter | Description | Value |
|---|---|---|
| Policy priority. If a workload matches multiple Replica optimization policies, the policy with the lower numeric value has higher priority. | Integer (priority values start at 0) |
| Explicit list of workloads to manage with this policy. | List of workload references |
| Label selector used to select workloads managed by this policy. | Label selector |
| Specifies whether to include or exclude the namespaces listed in | Include | Exclude |
| Namespaces to include in or exclude from workload selection. | List of strings |
| Lowest minimum replica count that Replica optimization can apply to a workload. Replica optimization does not reduce a workload’s minimum replicas below this value. | Integer, minimum value: |
Built-in Replica optimization policy fixed parameter values
Built-in policy fixed parameter values
The following table shows the fixed parameter values in the Replica optimization built-in policies:
Parameter hierarchy | Balanced | Stability- | Cost- |
| |||
| 2 | 3 | 1 |
| 0 | 1 | 2 |
You cannot delete or change built-in policies parameters.
To create a custom policy, see the “Create a custom policy” section in this article.
Create a custom policy
When creating a custom policy, all parameters need to be explicitly defined. Duplicating a policy creates a new custom policy resource. The duplicate is editable because it is a custom policy, even if the original policy was built-in.
To create a custom policy:
From the cluster, duplicate an existing built-in or custom policy.
(Optional) Change parameters.
Save the policy with a new name.
Step 2. Define workload selection
You define which workloads a policy matches using selector fields in the policy and a policy annotation on the workload.
Workload selection options
In-policy selection (configured in the policy):
appList — explicitly match specific workloads by kind, name, and namespace
appSelector.labels — match workloads dynamically based on Kubernetes labels
appSelector.namespaces — filter the label-matched workloads by namespace
Workload-side matching (configured on the workload)
Policy annotation — explicitly match a workload to a policy by referencing the policy name in an annotation
When multiple selection mechanisms apply to the same workload, optimization policies use priority and conflict resolution rules to determine which policy manages it.
If neither appList nor appSelector.labels is defined, the policy does not match any workloads through selectors; workloads can still be matched by annotation.
Use appList or appSelector.labels to target workloads, and use appSelector.namespaces to narrow that selection.
Common policy selection use cases
The following table shows common policy selection use cases:
To do this | Use these mechanisms |
Target a single workload | Use appList to explicitly include a |
Target workloads by label | Use appSelector.labels.matchLabels to include workloads that share a specific metadata label, such as |
Target workloads by multiple label rules | Use matchExpressions to combine rules, for example: select workloads with |
Exclude a namespace | Use appSelector.namespaces.operator: Exclude to prevent optimization policies from affecting sensitive workloads in namespaces such as |
Include only a namespace | Use appSelector.namespaces.operator: Include to limit optimization to one or two namespaces, such as |
Explicitly assign one workload to a specific policy (override selectors and priority) | Use the workload policy annotation ( |
Explicit workload inclusion (appList)
Explicit workload inclusion (appList) matches specific workloads by kind, name, and namespace.
In this topic, appList refers to the explicit workload inclusion mechanism, which is configured using the appList field in the policy.
Use appList to target specific workloads by kind, name, or namespace.
appList:
- kind: <workload-kind>
name: <workload-name>
namespace: <namespace>Behavior:
Matches the workloads specified in the
appListentry.Takes precedence over label-based matching.
If only
namespaceis specified, the policy matches all supported workloads in that namespace.nameandkindcan’t be used by themselves; specify them together withnamespace.
Label-based selection (appSelector.labels) dynamically matches workloads based on Kubernetes labels.
appSelector:
labels:
matchLabels:
<label-key>: <label-value>
matchExpressions:
- key: <label-key>
operator: <operator>
values:
- <value>Supported operators: In, NotIn, Exists, DoesNotExist
Behavior:
matchLabelsandmatchExpressionsare evaluated using AND logic.Multiple
matchExpressionsare also evaluated using AND logic.Only workloads that match all conditions are matched to the policy.
Namespace filtering (appSelector.namespaces) scopes label-based selection to specific namespaces by including or excluding namespaces.
appSelector:
namespaces:
operator: <Include | Exclude>
values:
- <namespace>Behavior:
Applies only to workloads matched by label selectors.
The
kube-systemnamespace is always excluded.
A workload can be explicitly matched to a policy using a Kubernetes annotation.
Pod rightsizing
metadata:
annotations:
rightsizing.kompass.zesty.co/policy: <any rightsizing policy>Replica optimization
metadata:
annotations:
horizontalscaling.kompass.zesty.co/policy: <any horizontal scaling policy>Behavior:
The referenced policy matches the workload, and the corresponding optimization applies to that workload.
Annotation-based matching overrides selector-based selection and priority.
Removing the annotation removes this explicit match.
User interface and YAML:
The UI assigns a policy to a workload by creating or updating the workload’s policy annotation.
You can manage or modify Pod rightsizing in the UI only for workloads matched to a policy by annotation.
For workloads matched by
appListor label selectors, make changes using YAML.
The following table shows example uses of workload selection:
To match this | Use this |
|---|---|
Match one |
|
Match all workloads with |
|
Include |
|
Override selector-based selection and priority. | set |
Priority and conflict resolution
When multiple policies match the same workload, Pod rightsizing uses policy priority to determine which policy manages the workload.
Priority rules
A policy must define a
priorityvalue.Lower numeric values indicate higher priority. For example, priority 1 takes precedence over priority 2.
Priority values must be unique per cluster. If you create or update a policy with a priority value that is already used, the request is rejected with a validation error.
Pod rightsizing determines the managing policy using the following resolution order:
Annotation-based resolution: Annotation-based assignment overrides selector-based matching and priority independently for Pod rightsizing and Replica optimization policies.
Selector-based resolution: If a workload matches multiple policies through
appListor label selectors, the policy with the highest priority manages the workload.
A workload is managed by at most one Pod rightsizing policy and one Replica optimization policy at a time.
To confirm which policy manages a workload:
Check whether the workload has a policy annotation.
Ifmetadata.annotations.<policy-annotation-key>is set, the referenced policy manages the workload (and overrides selector-based selection and priority).If no policy annotation exists, determine which policies match the workload via
appListandappSelectorrules.If multiple policies match, the policy with the lowest
priorityvalue manages the workload.If the workload is not matched by any policy, it is unmanaged and no optimization is applied.