Goldilocks

Goldilocks is the human-facing recommendation layer on top of the Vertical Pod Autoscaler ecosystem.

Source paths

lumie-infra/observability/goldilocks/argocd.yaml
lumie-infra/observability/goldilocks/helm-values.yaml
lumie-infra/observability/goldilocks/common-values.yaml
lumie-infra/security/teleport/agent/helm-values.yaml
lumie-infra/security/kyverno/manifests/policies/require-goldilocks-label.yaml

Runtime contract

dashboard enabled
controller enabled
VPA subchart disabled because Lumie installs VPA separately
access exposed through the Teleport app goldilocks

Operational boundary

Goldilocks does not apply resource changes itself.
Lumie's VPA deployment is recommendation-only, with updater and admission controller disabled.
Namespace labeling still matters operationally because the repo enforces goldilocks.fairwinds.com/enabled: "true" through a Kyverno audit policy.

Failure modes

If VPA is missing or unhealthy, Goldilocks still serves a UI but recommendations become stale or absent.
If namespaces miss the expected label, operators lose consistency across the platform even though enableCostRecommendations is turned on in the chart values.
Teams sometimes mistake Goldilocks for an autoscaler. In Lumie it is a recommendation dashboard only.

Verification

kubectl get applications.argoproj.io -n argocd goldilocks
kubectl get pods -n goldilocks
kubectl get ns --show-labels | rg 'goldilocks.fairwinds.com/enabled'
kubectl describe deploy -n goldilocks goldilocks-dashboard

Source paths​

Runtime contract​

Operational boundary​

Failure modes​

Verification​

Related pages​

Source paths

Runtime contract

Operational boundary

Failure modes

Verification

Related pages