Topology Spread Constraints

Jan 1, 0001

Definition

Topology Spread Constraints are a Kubernetes feature that allows users to distribute pods across different failure domains, such as nodes, zones, or regions, to enhance application availability and fault tolerance. By specifying constraints, users can ensure that pods are not overly concentrated in a single domain, reducing the risk of service disruption due to localized failures.

Secure Settings Example

apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-deployment
spec:
  replicas: 6
  selector:
    matchLabels:
      app: example
  template:
    metadata:
      labels:
        app: example
    spec:
      topologySpreadConstraints:
      - maxSkew: 1
        topologyKey: topology.kubernetes.io/zone
        whenUnsatisfiable: DoNotSchedule
        labelSelector:
          matchLabels:
            app: example
      containers:
      - name: example-container
        image: example-image:latest

Insecure Settings Example

apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-deployment
spec:
  replicas: 6
  selector:
    matchLabels:
      app: example
  template:
    metadata:
      labels:
        app: example
    spec:
      # Missing topologySpreadConstraints, leading to potential pod concentration
      containers:
      - name: example-container
        image: example-image:latest

Topology Spread Constraints

Definition

Secure Settings Example

Insecure Settings Example

Ask AppSec: free security newsletter

Ask AppSec: free security newsletter