Onboard container rightsizing through Infrastructure-as-Code—now with namespace-level control

You can now enable container rightsizing via any IaC tool. Add a label to opt in individual workloads or entire namespaces—nOps will detect and apply the configuration automatically, no UI needed.

This update extends nOps Compute Copilot’s container rightsizing, which keeps your workloads running at optimal CPU and memory levels without constant manual adjustments. This enables your applications to scale seamlessly and reduce costs by avoiding resource waste.

What's New

We’ve launched namespace-level rightsizing via IaC—a powerful update that makes it easier to adopt container optimization at scale. It simplifies how you manage nOps VPA across large environments or team-based Kubernetes structures. Starting today, you can:

  • Onboard container rightsizing with any IaC tool
  • Enable or disable rightsizing for entire namespaces, not just individual workloads
  • Streamline opt-in for GitOps, large teams, and multi-repo setups

Namespace-Level Control

Apply the nops-vpa/enabled=true label to any namespace, and nOps will automatically treat all supported workloads (Deployments, StatefulSets, DaemonSets, etc.) within it as opted-in for rightsizing—unless explicitly excluded. This allows you to instantly apply rightsizing to entire environments like staging, prod, or team-a with one line of code.

Namespace settings can be overridden at the workload level for fine-grained control.

Use cases include:

  • “Enable rightsizing for all staging apps.”
  • “Let team-X manage rightsizing centrally at the namespace level.”
  • “Exclude one sensitive workload while optimizing everything else in the namespace.”

How It Works

Simply add the label nops-vpa/enabled=true to any namespace you want to opt-in for VPA rightsizing. All supported workloads (Deployments, StatefulSets, DaemonSets) within that namespace will automatically be included in VPA recommendations.

You can still override this at the workload level by explicitly labeling specific workloads with nops-vpa/enabled=false if you need to exclude certain workloads from the namespace-wide setting.

The decision logic works as follows:

  • Workload has nops-vpa/enabled=true: Explicitly opted-in
  • Workload has no label, but namespace has nops-vpa/enabled=true: Implicitly opted-in
  • Both workload and namespace lack the label: Ignored
  • Workload has nops-vpa/enabled=false while namespace is opted-in: Explicitly opted-out

This hierarchical approach gives you flexibility while reducing configuration overhead.

How to Get Started

To start using Namespace-Level VPA Rightsizing, simply add the nops-vpa/enabled=true label to your desired namespaces. This can be done through your Infrastructure as Code (IaC) templates or directly via kubectl:

kubectl label namespace your-namespace nops-vpa/enabled=true


For more information, check out the full guide at nOps Docs. 

If You’re Already on nOps…

Need some help? Simply reach out to your Customer Success Manager or visit our Help Center. If you’re not sure who your CSM is, send our Support Team an email.

If You’re New to nOps…

nOps was recently ranked #1 with five stars in G2’s cloud cost management category, and we optimize $2+ billion in cloud spend for our customers.

You can get started with container rightsizing by booking a quick call with one of our AWS experts.