TIL - Pod Topology Spread Constraints
In Kubernetes, pod topology spread constraints are used to control how pods are spread across the cluster. This helps to achieve high availability by evenly distributing workloads between nodes.
Example Scenario
There is an internal web application deployed in the staging cluster. However, the developers have reported that the web application takes a lot of time to respond. Upon investigating, you see that the node on which the web application is deployed has a resource crunch.
Upon further investigation, you see that two pods of the same security logging module are running on that node.
These pods with the security logging module has not been deployed as a DaemonSet because it is under evaluation and in the pilot stages. To collect sufficient logs, it is essential that two pods are deployed on two different nodes. Surely something went wrong and both replicas ended up on the same node.
As a senior engineer on the team, you came up with the below pod specification to fix the issue using the "Pod Topology Spread Constraints" concept.
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
id: very-important-for-security
name: deploy-important
namespace: staging-internal
spec:
replicas: 2
selector:
matchLabels:
id: very-important-for-security
template:
metadata:
labels:
id: very-important-for-security
spec:
volumes:
- name: volume-mount
emptyDir: {}
containers:
- image: securitycorp/log-producer:fictitious
name: fictitious-log-producer
command:
- /bin/sh
args:
- "-c"
- "produce-security-logs /mnt/logs/important-logs"
volumeMounts:
- name: volume-mount
path: /mnt/logs
- image: securitycorp/log-consumer:fictitious
name: fictitious-log-consumer
command:
- /bin/sh
args:
- "-c"
- "consume-security-logs /mnt/logs/important-logs"
volumeMounts:
- name: volume-mount
path: /mnt/logs
topologySpreadConstraints:
- maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
id: very-important-for-security
References