c52f07b615
* new samples; updates * typos * add policy to restrict LoadBalancer * correct sample numbering * fix typos
2.4 KiB
Spread pods across topology
When having a Kubernetes cluster that spans multiple availability zones, it is often desired to spread your Pods out among them in a way which controls where they land. This can be advantageous in ensuring that, should one of those zones fail, your application continues to run in a more predictable way and with less potential loss.
This sample policy configures all Deployments having the label of required: true to be spread amongst hosts which are labeled with the key name of zone. It does this only to Deployments which do not already have the field topologySpreadConstraints set.
NOTE: When deploying this policy to a Kubernetes cluster less than version 1.19, some feature gate flags will need to be enabled. Please see the More Information section below.
In order to test the policy, you can use this sample Deployment manifest below.
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: busybox
distributed: required
name: busybox
spec:
replicas: 2
selector:
matchLabels:
app: busybox
distributed: required
template:
metadata:
labels:
app: busybox
distributed: required
spec:
containers:
- image: busybox:1.28
name: busybox
command: ["sleep", "9999"]
More Information
Policy YAML
spread_pods_across_topology.yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: spread-pods
spec:
rules:
- name: spread-pods-across-nodes
# Matches any Deployment with the label `distributed=required`
match:
resources:
kinds:
- Deployment
selector:
matchLabels:
distributed: required
# Mutates the incoming Deployment.
mutate:
patchStrategicMerge:
spec:
template:
spec:
# Adds the topologySpreadConstraints field if non-existent in the request.
+(topologySpreadConstraints):
- maxSkew: 1
topologyKey: zone
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
distributed: required