devzero-inc · Rupam-It · Jun 10, 2026 · Jun 9, 2026 · Jun 9, 2026 · Jun 9, 2026
diff --git a/docs/resources/node_policy.md b/docs/resources/node_policy.md
@@ -108,10 +108,9 @@ resource "devzero_node_policy" "aws_comprehensive" {
 
   # Disruption policy for cost optimization
   disruption = {
-    consolidate_after       = "15m"
-    consolidation_policy    = "WhenEmptyOrUnderutilized"
-    expire_after            = "720h" # 30 days
-    ttl_seconds_after_empty = 300    # 5 minutes
+    consolidate_after    = "15m"
+    consolidation_policy = "WhenEmptyOrUnderutilized"
+    expire_after         = "720h" # 30 days
 
     budgets = [
       {

diff --git a/docs/resources/node_policy_target.md b/docs/resources/node_policy_target.md
@@ -13,21 +13,19 @@ Attaches a node policy to specific clusters. Node policy targets determine which
 ## Example Usage
 
 ```terraform
-# Prerequisites - need cluster and node policy resources
+# Prerequisites
 resource "devzero_cluster" "production" {
   name = "production-cluster"
 }
 
-resource "devzero_node_policy" "general" {
-  name            = "general-purpose"
-  node_pool_name  = "general-pool"
-  node_class_name = "general-class"
+resource "devzero_node_policy" "standard_nodes" {
+  name = "standard-nodes"
 }
 
 # Minimal example - only required attributes
 resource "devzero_node_policy_target" "minimal" {
   name        = "production-clusters"
-  policy_id   = devzero_node_policy.general.id
+  policy_id   = devzero_node_policy.standard_nodes.id
   cluster_ids = [devzero_cluster.production.id]
 
   # Defaults applied automatically:
@@ -37,13 +35,12 @@ resource "devzero_node_policy_target" "minimal" {
 
 # Comprehensive example - all attributes
 resource "devzero_node_policy_target" "comprehensive" {
-  name        = "production-general-target"
-  description = "Applies general purpose node policy to production clusters"
-  policy_id   = devzero_node_policy.general.id
+  name        = "cluster-nodes"
+  description = "Applies standard node policy to production clusters"
+  policy_id   = devzero_node_policy.standard_nodes.id
   enabled     = true
   cluster_ids = [
     devzero_cluster.production.id,
-    # Add more cluster IDs as needed
   ]
 }
 
@@ -63,7 +60,7 @@ resource "devzero_cluster" "eu_west" {
 resource "devzero_node_policy_target" "multi_cluster" {
   name        = "all-production-clusters"
   description = "Apply cost optimization policy to all production clusters"
-  policy_id   = devzero_node_policy.general.id
+  policy_id   = devzero_node_policy.standard_nodes.id
   enabled     = true
   cluster_ids = [
     devzero_cluster.us_east.id,
@@ -76,7 +73,7 @@ resource "devzero_node_policy_target" "multi_cluster" {
 resource "devzero_node_policy_target" "disabled" {
   name        = "staging-clusters"
   description = "Temporarily disabled while testing new policy"
-  policy_id   = devzero_node_policy.general.id
+  policy_id   = devzero_node_policy.standard_nodes.id
   enabled     = false # Target exists but is not active
   cluster_ids = [devzero_cluster.production.id]
 }

diff --git a/docs/resources/workload_policy.md b/docs/resources/workload_policy.md
@@ -13,64 +13,51 @@ Configures DevZero workload recommendation policies, including triggers, scaling
 ## Example Usage
 
 ```terraform
-# Only required attributes
-resource "devzero_workload_policy" "workload_policy" {
-  name            = "terraform-example"
+# Minimal — only required attributes
+resource "devzero_workload_policy" "minimal" {
+  name            = "cost-saving-policy"
   action_triggers = ["on_detection", "on_schedule"]
 }
 
-# All attributes
-resource "devzero_workload_policy" "workload_policy" {
-  name                     = "terraform-example"
-  description              = "some description"
-  action_triggers          = ["on_detection", "on_schedule"]
-  cron_schedule            = "*/15 * * * *" # Every 15th minute
-  detection_triggers       = ["pod_creation", "pod_update"]
-  loopback_period_seconds  = 3600 # 1 hour
-  startup_period_seconds   = 60   # 1 minute
-  live_migration_enabled   = true
-  scheduler_plugins        = ["dz-scheduler"]
-  defragmentation_schedule = "*/15 * * * *"
+# Full example — values kept in sync with the Pulumi provider
+resource "devzero_workload_policy" "cost_saving" {
+  name                    = "cost-saving-policy"
+  description             = "Rightsize non-critical workloads"
+  action_triggers         = ["on_detection", "on_schedule"]
+  cron_schedule           = "*/15 * * * *"                 # every 15 min; required when "on_schedule" is set
+  detection_triggers      = ["pod_creation", "pod_update"] # used when "on_detection" is set
+  loopback_period_seconds = 86400                          # 1 day — lookback window for usage data
+  cooldown_minutes        = 300                            # 5 hours between successive scale-down actions
+  min_data_points         = 20                             # min samples before any recommendation
+  min_change_percent      = 0.2                            # apply only if change > 20%
 
   cpu_vertical_scaling = {
-    enabled                   = true
-    min_request               = 1000
-    max_request               = 2000
-    overhead_multiplier       = 0.05 # 5%
-    limits_adjustment_enabled = true
+    enabled                    = true
+    target_percentile          = 0.75 # P75 of observed usage
+    min_request                = 25   # millicores; hard floor
+    max_scale_up_percent       = 1000 # max % increase per step
+    max_scale_down_percent     = 1    # max % decrease per step
+    min_data_points            = 20   # min CPU samples before recommendation
+    adjust_req_even_if_not_set = true # set requests even if workload has none
+    limits_removal_enabled     = true # strip CPU limits (cycles compress safely)
   }
 
   memory_vertical_scaling = {
-    enabled                   = true
-    min_request               = 1000
-    max_request               = 2000
-    overhead_multiplier       = 0.05 # 5%
-    limits_adjustment_enabled = true
+    enabled                    = true
+    target_percentile          = 1         # P100 — guard against OOMKills
+    min_request                = 134217728 # 128 MiB in bytes; hard floor
+    max_scale_up_percent       = 1000      # max % increase per step
+    max_scale_down_percent     = 1         # max % decrease per step
+    overhead_multiplier        = 0.3       # extra headroom over the recommendation
+    limits_adjustment_enabled  = true      # adjust limits alongside requests
+    limit_multiplier           = 1         # limits = request × this
+    min_data_points            = 20        # min memory samples before recommendation
+    adjust_req_even_if_not_set = true      # set requests even if workload has none
+    limits_removal_enabled     = false     # memory limits removal not supported
   }
 
-  gpu_vertical_scaling = {
-    enabled                   = true
-    min_request               = 1000
-    max_request               = 2000
-    overhead_multiplier       = 0.05 # 5%
-    limits_adjustment_enabled = false
-  }
-
-  gpu_vram_vertical_scaling = {
-    enabled                   = true
-    min_request               = 1000
-    max_request               = 2000
-    overhead_multiplier       = 0.05 # 5%
-    limits_adjustment_enabled = false
-  }
-
-  horizontal_scaling = {
-    enabled                   = true
-    min_replicas              = 1
-    max_replicas              = 2
-    overhead_multiplier       = 0.05 # 5%
-    limits_adjustment_enabled = true
-  }
+  enable_pmax_protection = true # guard against spike-induced OOMKills
+  pmax_ratio_threshold   = 3    # raise requests when peak is 3× the recommendation
 }
 ```
 
@@ -91,6 +78,7 @@ resource "devzero_workload_policy" "workload_policy" {
 - `description` (String) Free-form description of the policy to help others understand its intent and scope.
 - `detection_triggers` (List of String) Detection triggers for when to apply the workload policy. Only one of `pod_creation` or `pod_update` is allowed.The `pod_creation` trigger is used to apply the workload policy when a pod is created.The `pod_update` trigger is used to apply the workload policy when a pod is updated.
 - `drift_delta_percent` (Number) Percentage drift from baseline that triggers VPA refresh
+- `enable_pmax_protection` (Boolean) When true, the recommender raises requests to cover observed peak usage when the peak-to-recommendation ratio exceeds `pmax_ratio_threshold`. Default: false.
 - `gpu_vertical_scaling` (Attributes) GPU vertical scaling options (see [below for nested schema](#nestedatt--gpu_vertical_scaling))
 - `gpu_vram_vertical_scaling` (Attributes) GPU VRAM vertical scaling options (see [below for nested schema](#nestedatt--gpu_vram_vertical_scaling))
 - `horizontal_scaling` (Attributes) Horizontal scaling options (see [below for nested schema](#nestedatt--horizontal_scaling))
@@ -101,6 +89,7 @@ resource "devzero_workload_policy" "workload_policy" {
 - `min_change_percent` (Number) Global minimum change threshold for applying recommendations
 - `min_data_points` (Number) Global minimum data points required for recommendations
 - `min_vpa_window_data_points` (Number) Minimum data points in VPA analysis window
+- `pmax_ratio_threshold` (Number) Peak-to-recommendation ratio above which pmax protection activates. Example: 3.0 — triggers when peak is 3× the recommendation. Default: 3.0.
 - `scheduler_plugins` (List of String) Kubernetes scheduler plugins to activate
 - `stability_cv_max` (Number) Maximum coefficient of variation to consider stable
 - `startup_period_seconds` (Number) Startup period seconds of the workload policy. The startup period is the period of time to ignore resource usage data after the workload is started.
@@ -114,9 +103,11 @@ resource "devzero_workload_policy" "workload_policy" {
 
 Optional:
 
+- `adjust_req_even_if_not_set` (Boolean) When true, the recommender will suggest resource requests even if the workload currently has none set. Default: false.
 - `enabled` (Boolean) Enable or disable vertical scaling for this resource. When disabled, vertical recommendations will not be applied.
 - `limit_multiplier` (Number) How much higher limits should be vs requests (e.g., 2.0 = 2x the request).
 - `limits_adjustment_enabled` (Boolean) Allow recommender to adjust container limits as well as requests. When disabled, only requests are modified.
+- `limits_removal_enabled` (Boolean) When true, the recommender will remove resource limits from workloads (CPU axis only — memory limits removal is not supported). Default: false.
 - `max_request` (Number) Upper bound for container resource requests (e.g., CPU millicores or memory bytes) considered by the recommender.
 - `max_scale_down_percent` (Number) Maximum percent to scale down in one step
 - `max_scale_up_percent` (Number) Maximum percent to scale up in one step
@@ -131,9 +122,11 @@ Optional:
 
 Optional:
 
+- `adjust_req_even_if_not_set` (Boolean) When true, the recommender will suggest resource requests even if the workload currently has none set. Default: false.
 - `enabled` (Boolean) Enable or disable vertical scaling for this resource. When disabled, vertical recommendations will not be applied.
 - `limit_multiplier` (Number) How much higher limits should be vs requests (e.g., 2.0 = 2x the request).
 - `limits_adjustment_enabled` (Boolean) Allow recommender to adjust container limits as well as requests. When disabled, only requests are modified.
+- `limits_removal_enabled` (Boolean) When true, the recommender will remove resource limits from workloads (CPU axis only — memory limits removal is not supported). Default: false.
 - `max_request` (Number) Upper bound for container resource requests (e.g., CPU millicores or memory bytes) considered by the recommender.
 - `max_scale_down_percent` (Number) Maximum percent to scale down in one step
 - `max_scale_up_percent` (Number) Maximum percent to scale up in one step
@@ -148,9 +141,11 @@ Optional:
 
 Optional:
 
+- `adjust_req_even_if_not_set` (Boolean) When true, the recommender will suggest resource requests even if the workload currently has none set. Default: false.
 - `enabled` (Boolean) Enable or disable vertical scaling for this resource. When disabled, vertical recommendations will not be applied.
 - `limit_multiplier` (Number) How much higher limits should be vs requests (e.g., 2.0 = 2x the request).
 - `limits_adjustment_enabled` (Boolean) Allow recommender to adjust container limits as well as requests. When disabled, only requests are modified.
+- `limits_removal_enabled` (Boolean) When true, the recommender will remove resource limits from workloads (CPU axis only — memory limits removal is not supported). Default: false.
 - `max_request` (Number) Upper bound for container resource requests (e.g., CPU millicores or memory bytes) considered by the recommender.
 - `max_scale_down_percent` (Number) Maximum percent to scale down in one step
 - `max_scale_up_percent` (Number) Maximum percent to scale up in one step
@@ -179,9 +174,11 @@ Optional:
 
 Optional:
 
+- `adjust_req_even_if_not_set` (Boolean) When true, the recommender will suggest resource requests even if the workload currently has none set. Default: false.
 - `enabled` (Boolean) Enable or disable vertical scaling for this resource. When disabled, vertical recommendations will not be applied.
 - `limit_multiplier` (Number) How much higher limits should be vs requests (e.g., 2.0 = 2x the request).
 - `limits_adjustment_enabled` (Boolean) Allow recommender to adjust container limits as well as requests. When disabled, only requests are modified.
+- `limits_removal_enabled` (Boolean) When true, the recommender will remove resource limits from workloads (CPU axis only — memory limits removal is not supported). Default: false.
 - `max_request` (Number) Upper bound for container resource requests (e.g., CPU millicores or memory bytes) considered by the recommender.
 - `max_scale_down_percent` (Number) Maximum percent to scale down in one step
 - `max_scale_up_percent` (Number) Maximum percent to scale up in one step

diff --git a/docs/resources/workload_policy_target.md b/docs/resources/workload_policy_target.md
@@ -13,39 +13,44 @@ Defines which workloads a policy applies to by selecting namespaces, workloads,
 ## Example Usage
 
 ```terraform
-resource "devzero_cluster" "cluster" {
-  name = "terraform-example"
+resource "devzero_cluster" "production" {
+  name = "production-cluster"
 }
 
-resource "devzero_workload_policy" "workload_policy" {
-  name = "terraform-example"
+resource "devzero_workload_policy" "cost_saving" {
+  name = "cost-saving-policy"
 }
 
-# Only required attributes
-resource "devzero_workload_policy_target" "workload_policy_target" {
-  name        = "terraform-example"
-  policy_id   = devzero_workload_policy.workload_policy.id
-  cluster_ids = [devzero_cluster.cluster.id]
+# Minimal — only required attributes
+resource "devzero_workload_policy_target" "minimal" {
+  name        = "production-target"
+  policy_id   = devzero_workload_policy.cost_saving.id
+  cluster_ids = [devzero_cluster.production.id]
 }
 
 # All attributes
-resource "devzero_workload_policy_target" "workload_policy_target" {
+resource "devzero_workload_policy_target" "full" {
   name        = "terraform-example"
   description = "some description"
-  policy_id   = devzero_workload_policy.workload_policy.id
-  cluster_ids = [devzero_cluster.cluster.id]
+  policy_id   = devzero_workload_policy.cost_saving.id
+  cluster_ids = [devzero_cluster.production.id]
   priority    = 1
   enabled     = true
 
   workload_names   = ["workload-1", "workload-2"]     # Empty list means all workloads
   node_group_names = ["node-group-1", "node-group-2"] # Empty list means all node groups
-  kind_filter      = ["Deployment", "ReplicaSet"]     # Empty list means all kinds
+  kind_filter      = ["Deployment", "StatefulSet"]    # Empty list means all kinds
 
   name_pattern = {
     pattern = "terraform-example"
     flags   = "i"
   }
 
+  namespace_pattern = {
+    pattern = "^prod-"
+    flags   = "i" # case-insensitive
+  }
+
   namespace_selector = {
     match_labels = {
       app = "terraform-example"
@@ -75,6 +80,7 @@ resource "devzero_workload_policy_target" "workload_policy_target" {
 - `enabled` (Boolean) Enable or disable this target. When disabled, the associated policy will not apply to the selected workloads.
 - `kind_filter` (List of String) Restrict matching to specific Kubernetes kinds. Allowed values: `Pod`, `Job`, `Deployment`, `StatefulSet`, `DaemonSet`, `ReplicaSet`, `CronJob`, `ReplicationController`, `Rollout`.
 - `name_pattern` (Attributes) Regex to match workload names. Useful to target rollouts or name conventions (e.g., `^api-.*`). (see [below for nested schema](#nestedatt--name_pattern))
+- `namespace_pattern` (Attributes) Regex to match namespace names. Useful when namespaces follow a naming convention (e.g., `^prod-`). (see [below for nested schema](#nestedatt--namespace_pattern))
 - `namespace_selector` (Attributes) Select namespaces by labels. Uses the same semantics as Kubernetes label selectors. (see [below for nested schema](#nestedatt--namespace_selector))
 - `node_group_names` (List of String) Restrict matching to specific node groups by name
 - `priority` (Number) Evaluation priority among multiple targets. Higher values take precedence when multiple targets overlap.
@@ -94,6 +100,15 @@ Optional:
 - `pattern` (String) Regular expression applied to workload names. Uses RE2 syntax. Example: `^api-(staging|prod)-.*$`.
 
 
+<a id="nestedatt--namespace_pattern"></a>
+### Nested Schema for `namespace_pattern`
+
+Optional:
+
+- `flags` (String) Regex flags to modify matching behavior. Supported: `i` (case-insensitive), `m` (multi-line).
+- `pattern` (String) Regular expression applied to workload names. Uses RE2 syntax. Example: `^api-(staging|prod)-.*$`.
+
+
 <a id="nestedatt--namespace_selector"></a>
 ### Nested Schema for `namespace_selector`
 

diff --git a/examples/resources/devzero_node_policy/resource.tf b/examples/resources/devzero_node_policy/resource.tf
@@ -93,10 +93,9 @@ resource "devzero_node_policy" "aws_comprehensive" {
 
   # Disruption policy for cost optimization
   disruption = {
-    consolidate_after       = "15m"
-    consolidation_policy    = "WhenEmptyOrUnderutilized"
-    expire_after            = "720h" # 30 days
-    ttl_seconds_after_empty = 300    # 5 minutes
+    consolidate_after    = "15m"
+    consolidation_policy = "WhenEmptyOrUnderutilized"
+    expire_after         = "720h" # 30 days
 
     budgets = [
       {

diff --git a/examples/resources/devzero_node_policy_target/resource.tf b/examples/resources/devzero_node_policy_target/resource.tf
@@ -1,18 +1,16 @@
-# Prerequisites - need cluster and node policy resources
+# Prerequisites
 resource "devzero_cluster" "production" {
   name = "production-cluster"
 }
 
-resource "devzero_node_policy" "general" {
-  name            = "general-purpose"
-  node_pool_name  = "general-pool"
-  node_class_name = "general-class"
+resource "devzero_node_policy" "standard_nodes" {
+  name = "standard-nodes"
 }
 
 # Minimal example - only required attributes
 resource "devzero_node_policy_target" "minimal" {
   name        = "production-clusters"
-  policy_id   = devzero_node_policy.general.id
+  policy_id   = devzero_node_policy.standard_nodes.id
   cluster_ids = [devzero_cluster.production.id]
 
   # Defaults applied automatically:
@@ -22,13 +20,12 @@ resource "devzero_node_policy_target" "minimal" {
 
 # Comprehensive example - all attributes
 resource "devzero_node_policy_target" "comprehensive" {
-  name        = "production-general-target"
-  description = "Applies general purpose node policy to production clusters"
-  policy_id   = devzero_node_policy.general.id
+  name        = "cluster-nodes"
+  description = "Applies standard node policy to production clusters"
+  policy_id   = devzero_node_policy.standard_nodes.id
   enabled     = true
   cluster_ids = [
     devzero_cluster.production.id,
-    # Add more cluster IDs as needed
   ]
 }
 
@@ -48,7 +45,7 @@ resource "devzero_cluster" "eu_west" {
 resource "devzero_node_policy_target" "multi_cluster" {
   name        = "all-production-clusters"
   description = "Apply cost optimization policy to all production clusters"
-  policy_id   = devzero_node_policy.general.id
+  policy_id   = devzero_node_policy.standard_nodes.id
   enabled     = true
   cluster_ids = [
     devzero_cluster.us_east.id,
@@ -61,7 +58,7 @@ resource "devzero_node_policy_target" "multi_cluster" {
 resource "devzero_node_policy_target" "disabled" {
   name        = "staging-clusters"
   description = "Temporarily disabled while testing new policy"
-  policy_id   = devzero_node_policy.general.id
+  policy_id   = devzero_node_policy.standard_nodes.id
   enabled     = false # Target exists but is not active
   cluster_ids = [devzero_cluster.production.id]
 }