
[FEATURE_REQUEST] Support topologySpreadConstraints for no-anti-affinity check

Open raweber42 opened this issue 1 year ago • 3 comments

Description of the problem/feature request

When trying to satisfy the no-anti-affinity check, I stumbled upon topologySpreadConstraints (since Kubernetes 1.19) which is a good way to control how to spread replicas between different nodes. But implementing this does not meet the no-anti-affinity check (yet). Is there a specific reason to not include this? If not, I am willing to contribute to this project and include this to the check.

Description of the existing behavior vs. expected behavior

When using this deployment

apiVersion: apps/v1
kind: Deployment
metadata:
  name: test
spec:
  replicas: 3
  selector:
    matchLabels:
      app: test-app
  template:
    metadata:
      labels:
        app: test-app
    spec:
      serviceAccountName: test-app-service-account
      topologySpreadConstraints:
        - maxSkew: 1
          topologyKey: "kubernetes.io/hostname"
          whenUnsatisfiable: DoNotSchedule
          labelSelector:
            matchLabels:
              app: test-app
      terminationGracePeriodSeconds: 60
      containers:
        - name: test-app
          image: busybox:1.30.1

I still get this error:

<standard input>: (object: test/test-app apps/v1, Kind=Deployment) object has 2 replicas but does not specify inter pod anti-affinity (check: no-anti-affinity, remediation: Specify anti-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on different nodes. Using podAntiAffinity, specify a labelSelector that matches pods for the deployment, and set the topologyKey to kubernetes.io/hostname. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity for details.)

Additional context

I am willing to contribute.

raweber42 avatar Jan 16 '25 14:01 raweber42

+1 I have exactly the same problem

famaridon avatar Feb 27 '25 09:02 famaridon

> Is there a specific reason to not include this? If not, I am willing to contribute to this project and include this to the check.

I think it should be added. The affinity check was added around the time 1.19 was released, so that's why it could be omitted. It would be great if you could contribute a patch. For a first shot we could skip the check if topologySpreadConstraints is declared, unless you have a more sophisticated solution in mind.

janisz avatar Mar 10 '25 12:03 janisz
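A sketch of the logic discussed in this thread, added here as an example and not kube-linter's own code: it accepts either podAntiAffinity or a topologySpreadConstraints entry, and goes one step past the "skip if declared" first shot by requiring the constraint's matchLabels to select the pod template's own labels. The function name `spreadsReplicas`, the trimmed `deployment` struct and the JSON (rather than YAML) input are assumptions made so the example runs with the standard library only.

```go
package main

import "encoding/json"
import "fmt"

// Hypothetical subset of the apps/v1 Deployment schema; encoding/json matches keys case-insensitively.
type deployment struct {
	Spec struct {
		Replicas *int
		Template struct {
			Metadata struct{ Labels map[string]string }
			Spec     struct {
				Affinity                  struct{ PodAntiAffinity map[string]interface{} }
				TopologySpreadConstraints []struct {
					TopologyKey   string
					LabelSelector struct{ MatchLabels map[string]string }
				}
			}
		}
	}
}

// spreadsReplicas: true if podAntiAffinity is set, or a spread constraint's non-empty matchLabels select the pod's labels.
func spreadsReplicas(manifest []byte) (bool, error) {
	var d deployment
	if err := json.Unmarshal(manifest, &d); err != nil {
		return false, err
	}
	pod := d.Spec.Template
	if d.Spec.Replicas == nil || *d.Spec.Replicas < 2 || len(pod.Spec.Affinity.PodAntiAffinity) > 0 {
		return true, nil // single replica, or anti-affinity already declared
	}
	for _, c := range pod.Spec.TopologySpreadConstraints {
		ok := c.TopologyKey != "" && len(c.LabelSelector.MatchLabels) > 0
		for k, v := range c.LabelSelector.MatchLabels {
			got, found := pod.Metadata.Labels[k]
			ok = ok && found && got == v
		}
		if ok {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	// Constructed input: the Deployment from this issue reduced to the relevant fields, as JSON.
	fmt.Println(spreadsReplicas([]byte(`{"spec":{"replicas":3,"template":{"metadata":{"labels":{"app":"test-app"}},"spec":{"topologySpreadConstraints":[{"topologyKey":"kubernetes.io/hostname","labelSelector":{"matchLabels":{"app":"test-app"}}}]}}}}`)))
}
```

A constraint that uses only matchExpressions, or an empty selector, is reported as not spreading here; that is a conservative simplification of this sketch.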

We would appreciate this feature as well 👍

BarboraAni avatar May 23 '25 14:05 BarboraAni