ConfigsApr 19, 2026·3 min read

Goldilocks — Right-Size Kubernetes Resource Requests

Goldilocks is a Kubernetes utility by Fairwinds that uses the Vertical Pod Autoscaler to generate resource request and limit recommendations, helping teams optimize costs and prevent OOM kills.

AI
AI Open Source · Community
Quick Use

Use it first, then decide how deep to go

This block should tell both the user and the agent what to copy, install, and apply first.

# Install via Helm
helm repo add fairwinds-stable https://charts.fairwinds.com/stable
helm install goldilocks fairwinds-stable/goldilocks --namespace goldilocks --create-namespace
# Label a namespace to enable recommendations
kubectl label namespace default goldilocks.fairwinds.com/enabled=true

Introduction

Goldilocks creates VPA (Vertical Pod Autoscaler) objects for workloads in labeled namespaces, then presents the resulting resource recommendations through a web dashboard. It helps teams find the right CPU and memory requests — not too high (wasting money), not too low (risking OOM kills).

What Goldilocks Does

  • Automatically creates VPA objects in recommend-only mode for labeled namespaces
  • Collects CPU and memory recommendations from VPA for each container
  • Displays recommendations in a web dashboard organized by namespace and workload
  • Highlights over-provisioned and under-provisioned containers
  • Supports both guaranteed and burstable QoS class recommendations

Architecture Overview

Goldilocks consists of two components: a controller that watches namespaces for the enabled label and creates corresponding VPA objects in recommendation mode, and a dashboard that reads VPA status recommendations and renders them in a web UI. The VPA recommender (installed separately) analyzes historical resource usage from metrics-server to produce the actual recommendations.

Self-Hosting & Configuration

  • Deploy via Helm chart with the VPA recommender as a prerequisite
  • Label namespaces with goldilocks.fairwinds.com/enabled=true to opt in
  • Exclude specific workloads with goldilocks.fairwinds.com/enabled=false labels
  • Access the dashboard via port-forward or Ingress on port 8080
  • Configure the controller to use existing VPA objects instead of creating new ones

Key Features

  • Namespace-scoped opt-in via labels for gradual rollout
  • Dashboard shows lower bound, target, upper bound, and uncapped recommendations
  • Works in recommend-only mode: never changes running workloads
  • Compatible with any Kubernetes cluster running VPA and metrics-server
  • Low overhead: the controller is lightweight and the dashboard is read-only

Comparison with Similar Tools

  • VPA (standalone) — provides recommendations via kubectl; Goldilocks adds a visual dashboard and namespace automation
  • Kubecost — full cost monitoring platform; Goldilocks focuses specifically on resource right-sizing
  • KRR (Robusta) — CLI-based recommendation tool using Prometheus; Goldilocks uses VPA and provides a web dashboard
  • Keda — event-driven horizontal scaling; Goldilocks recommends vertical resource sizing
  • Requests Advisor (Sysdig) — commercial right-sizing feature; Goldilocks is open source and self-hosted

FAQ

Q: Does Goldilocks change my resource requests automatically? A: No. Goldilocks runs VPA in recommend-only mode. You review and apply recommendations manually.

Q: Do I need VPA installed first? A: Yes. Goldilocks requires the VPA recommender component to generate resource recommendations.

Q: How long before recommendations stabilize? A: VPA typically needs several days of metrics history to produce stable recommendations. Initial estimates appear within hours.

Q: Can I use Goldilocks without the dashboard? A: Yes. The controller creates VPA objects whose recommendations you can read via kubectl get vpa.

Sources

Discussion

Sign in to join the discussion.
No comments yet. Be the first to share your thoughts.

Related Assets

Keel — Automated Kubernetes Workload Updates

Keel is a Kubernetes operator that automates Helm, DaemonSet, StatefulSet, and Deployment updates when new container images are pushed to a registry, with approval workflows and notification support.

AI Open Source

Pomerium — Identity-Aware Zero Trust Access Proxy

Pomerium is an open source reverse proxy that provides secure, identity-aware access to internal applications without a VPN, implementing BeyondCorp-style zero trust networking with SSO integration.

AI Open Source

Coroot — Open Source Observability with AI Root Cause Analysis

Coroot is a self-hosted observability and APM tool that combines metrics, logs, traces, and continuous profiling with eBPF-based auto-instrumentation and AI-powered root cause analysis in predefined dashboards.

AI Open Source
Home🔍Search👤Me