Kubernetes Resource Optimization & Best Practices with Goldilocks

Kubernetes is now the industry standard for orchestrating containerized workloads, but efficient resource management remains a challenge for many organizations. It’s important to get right though! Over-provisioning leads to wasted cloud spend, while under-provisioning risks instability, throttling, or outages. When we first open-sourced Goldilocks in October 2019, our goal was to offer a dashboard utility to help you identify a baseline for setting Kubernetes resource requests and limits. Since then, we have continued to use it in our Managed Kubernetes-as-a-Service offering and it’s built into our Fairwinds Insights software. Because it’s open source, everyone else has the opportunity to use it to get resource requests and limits just right, and they do! People regularly download and use Goldilocks because it fills a common need in the Kubernetes community.

Getting Resource Requests and Limits “Just Right”

Kubernetes allows you to set resource requests (the CPU/memory a container needs) and limits (the maximum it can use) for every container in a pod. These settings are crucial, because if they are set:

  • Too low: Your app may be throttled or OOMkilled, causing downtime
  • Too high: You waste resources and inflate your cloud bill

No one wants either of these outcomes. But without some guidance on requests and limits, many teams guess these values, setting them high “just in case,” or leave them unset—leading to performance issues, resource contention, and unpredictable costs. Kubernetes best practices dictate that every workload should have carefully chosen requests and limits, but knowing what values to use is really difficult, especially if you’re new to K8s.

Goldilocks: Recommending Resource Rightsizing

We created Goldilocks to solve this exact problem, which we kept seeing come up with our managed services clients. Goldilocks is a Kubernetes controller and dashboard that leverages the Vertical Pod Autoscaler (VPA) in recommendation mode to analyze historical pod resource usage and suggest optimal CPU and memory requests and limits.

How Goldilocks Works

  • Monitors Workloads: Goldilocks watches deployments in namespaces labeled with goldilocks.fairwinds.com/enabled=true.
  • Creates VPA Objects: For each deployment, it creates a VPA object that gathers usage data.
  • Generates Recommendations: The VPA’s recommendation engine analyzes historical CPU and memory usage, providing “target,” “lower bound,” and “upper bound” values.
  • Visualizes: Goldilocks presents these recommendations in a user-friendly dashboard, making it easy to update your manifests.

How Quality of Service (QoS) Classes Fit In

Goldilocks provides recommendations for two key Kubernetes QoS classes:

  1. Guaranteed pods have the strictest resource limits. These are the least likely to be evicted and won’t be killed unless they exceed limits or there aren’t any lower-priority pods that can be preempted from the node. Every container must have a memory and CPU limit and request set; the memory limit and request must be equal and the CPU limit and request must be equal.
  2. Burstable pods have some lower-bound resource guarantees (based on the request). They do not require a specific limit; if a limit is not specified, it defaults to a limit equivalent to the capacity of the node. This allows pods to increase resources if available. If there is node resource pressure, Burstable pods are only evicted after all BestEffort pods have been evicted. Pods are given a QoS class of Burstable if they don’t meet the Guaranteed criteria, but at least one container in the pod must have a memory or CPU request or limit set.

We don’t recommend using the BestEffort QoS. This applies to pods that don’t meet the criteria for Guaranteed or Burstable, meaning there are no memory or CPU requests or limits set for containers in the pod, although they can request other resources.
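The QoS rules above can be checked mechanically before a manifest reaches the cluster. The following is an added example, not code from Goldilocks or the original post: it classifies a pod spec (as a parsed dict) and lists containers that lack a CPU or memory request. The function names and the sample pod specs are constructed for illustration; it relies on the Kubernetes behaviour that an unset request defaults to the container's limit.

```python
from decimal import Decimal

# Kubernetes quantity suffixes -> multiplier (subset sufficient for CPU/memory).
_SUFFIX = {"m": Decimal("0.001"), "k": 10**3, "M": 10**6, "G": 10**9, "T": 10**12,
           "Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40}

def parse_quantity(q):
    """Convert '500m', '0.5', '128Mi' to a Decimal so equal values compare equal."""
    q = str(q)
    for suffix in sorted(_SUFFIX, key=len, reverse=True):  # try 'Mi' before 'M'
        if q.endswith(suffix):
            return Decimal(q[:-len(suffix)]) * _SUFFIX[suffix]
    return Decimal(q)

def _effective(container):
    """Return (requests, limits) for cpu/memory; an unset request defaults to the limit."""
    res = container.get("resources") or {}
    limits = {k: parse_quantity(v) for k, v in (res.get("limits") or {}).items()
              if k in ("cpu", "memory")}
    requests = {k: parse_quantity(v) for k, v in (res.get("requests") or {}).items()
                if k in ("cpu", "memory")}
    for k, v in limits.items():
        requests.setdefault(k, v)
    return requests, limits

def qos_class(pod_spec):
    """Classify a pod spec as Guaranteed, Burstable or BestEffort."""
    containers = (pod_spec.get("initContainers") or []) + pod_spec["containers"]
    pairs = [_effective(c) for c in containers]
    if all(not r and not l for r, l in pairs):
        return "BestEffort"
    # Guaranteed: every container has both limits, and requests equal limits.
    guaranteed = all(set(l) == {"cpu", "memory"} and r == l for r, l in pairs)
    return "Guaranteed" if guaranteed else "Burstable"

def missing_requests(pod_spec):
    """Names of containers with no CPU or no memory request (after defaulting)."""
    return [c["name"] for c in pod_spec["containers"]
            if set(_effective(c)[0]) != {"cpu", "memory"}]

# Constructed sample pod specs (not from the original post).
GUARANTEED = {"containers": [{"name": "api", "resources": {
    "requests": {"cpu": "500m", "memory": "256Mi"},
    "limits": {"cpu": "0.5", "memory": "256Mi"}}}]}
BURSTABLE = {"containers": [
    {"name": "api", "resources": {"requests": {"cpu": "100m"}}},
    {"name": "sidecar"}]}
BEST_EFFORT = {"containers": [{"name": "job", "resources": {}}]}
```

Run in CI against rendered manifests, a check like this catches BestEffort pods and partially specified containers before they compete for node resources with everything else on the node.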

Installing and Using Goldilocks

Prerequisites

  • metrics-server: Collects real-time resource usage.
  • Vertical Pod Autoscaler (VPA): Provides the recommendation engine.

Installation Steps

  1. Install metrics-server:
    helm repo add metrics-server https://kubernetes-sigs.github.io/metrics-server/

    helm install my-metrics-server metrics-server/metrics-server \
      --namespace vpa --create-namespace
  2. Install VPA:
    helm repo add fairwinds-stable https://charts.fairwinds.com/stable

    helm install vpa fairwinds-stable/vpa --namespace vpa \
      --create-namespace

    On GKE Standard clusters, enable VPA:

    gcloud container clusters update [CLUSTER-NAME] \
      --enable-vertical-pod-autoscaling

  3. Install Goldilocks:
    helm install goldilocks fairwinds-stable/goldilocks --namespace goldilocks --create-namespace
  4. Label Namespaces:
    kubectl label ns [YOUR-NAMESPACE] goldilocks.fairwinds.com/enabled=true
  5. Access the Dashboard:
    kubectl -n goldilocks port-forward svc/goldilocks-dashboard 8080:80

    Visit http://localhost:8080 to view recommendations.

Interpreting Goldilocks Recommendations

The dashboard displays recommendations for each deployment, showing:

  • Current resource settings
  • Recommended requests and limits for Guaranteed and Burstable QoS
  • YAML snippets so you can easily copy/paste into your manifests

As VPA collects more data, recommendations become more accurate. You should regularly review and adjust your settings to continuously optimize your requests and limits.

Kubernetes Resource Management Best Practices

1. Always Set Resource Requests At Minimum

Never leave these unset—doing so risks cluster instability, resource contention, and unpredictable costs. Use Goldilocks to establish a data-driven baseline that you can refine over time. Consider whether limits are right for your workloads – in general, we recommend them as well, but there are tradeoffs for some workloads.

2. Use Autoscaling Strategically

  • Horizontal Pod Autoscaler (HPA): Scales pod count based on metrics like CPU or memory.
  • Vertical Pod Autoscaler (VPA): Adjusts resource requests/limits per pod.
  • Cluster Autoscaler: Adjusts node count to fit unschedulable pods.
  • Karpenter: Automatically launches the right compute resources needed to handle the applications in your cluster. Karpenter is more sophisticated than the cluster-autoscaler.

When using HPA (scaling on CPU/memory) and VPA together, run VPA in “recommendation” mode only (disable the updater) to avoid conflicts and disruptive pod restarts.

3. Monitor and Audit Continuously

Implement monitoring and alerting to track resource usage, spot anomalies, and validate that your workloads are running efficiently. Use tools like Prometheus, metrics-server, and Goldilocks itself.

4. Regularly Review and Adjust

Workload patterns change over time. Schedule regular audits of your resource settings, especially after major application updates or traffic shifts.

5. Use Namespaces, Labels, and Policies

  • Namespaces: Isolate workloads, enforce policies, and manage access.
  • Labels: Organize resources for cost allocation, monitoring, and scheduling.
  • Policies: Enforce policies for resource requests/limits, security, and reliability.

6. Implement Liveness and Readiness Probes

Liveness probes and readiness probes ensure Kubernetes can detect and recover from unhealthy containers, improving reliability and uptime.

8. Optimize Workload Placement

Use node selectors, affinities, topologySpreadConstraints, taints, and tolerations to ensure critical workloads get the resources and isolation they need.

9. Document and Automate

Keep resource allocation decisions documented and leverage automation (GitOps workflows) to maintain consistency and enable rapid recovery.

Goldilocks Helps You Improve Kubernetes Efficiency

In 2025, Goldilocks is still a great open source tool for Kubernetes teams seeking to balance cost, performance, and reliability. By enabling the analysis of historical resource usage and surfacing clear, actionable recommendations, it helps teams to set resource requests and limits “just right”—no more, no less. Using Goldilocks makes it easier for teams to follow Kubernetes best practices, helping you make your clusters more efficient, resilient, and cost-effective.

Want Kubernetes infrastructure built and managed so you can focus on your business differentiators, not your infrastructure? Check out Fairwinds Managed Kubernetes-as-a-Service.

*** This is a Security Bloggers Network syndicated blog from Fairwinds | Blog authored by Andy Suderman. Read the original post at: https://www.fairwinds.com/blog/kubernetes-resource-optimization-best-practices-goldilocks