If necessary, relax whenUnsatisfiable or adjust maxSkew temporarily.<\/li>\n<\/ul>\n\n\n\n
\n\n\n\nUse Cases of Topology spread constraints<\/h2>\n\n\n\n
Provide 8\u201312 use cases:<\/p>\n\n\n\n
1) Highly available frontend service\n– Context: Public API served from multi-AZ cluster.\n– Problem: Zone failure should not take down all replicas.\n– Why it helps: Ensures replicas distributed across AZs.\n– What to measure: Replica skew by zone, error rate.\n– Typical tools: Prometheus, kube-state-metrics, Grafana.<\/p>\n\n\n\n
2) Distributed database coordinator placement\n– Context: Small controller nodes managing DB shards.\n– Problem: Concentrated placement triggers quorum loss.\n– Why it helps: Keeps coordinators in different topologies to maintain quorum.\n– What to measure: Leader changes, skew, latency.\n– Typical tools: Database metrics, scheduler logs.<\/p>\n\n\n\n
3) Edge POP service distribution\n– Context: Edge compute across POPs or racks.\n– Problem: Single POP outage degrades regional service.\n– Why it helps: Ensures at least one replica in each POP.\n– What to measure: POP-level availability and latency.\n– Typical tools: Edge monitoring, node labels.<\/p>\n\n\n\n
4) Stateful cache frontends\n– Context: Cache layer in front of DB.\n– Problem: Co-located instances on one node cause CPU contention.\n– Why it helps: Spreads cache replicas to reduce hotspots.\n– What to measure: Node CPU, cache hit ratio.\n– Typical tools: Prometheus, node exporter.<\/p>\n\n\n\n
5) Canary rollouts sensitive to topology\n– Context: Feature rollout in stages.\n– Problem: Canary all in one zone may not reveal cross-zone issues.\n– Why it helps: Place canary across topologies for better validation.\n– What to measure: Error flux across zones.\n– Typical tools: CI\/CD pipeline, metrics.<\/p>\n\n\n\n
6) Multi-tenant isolation\n– Context: Tenants with SLA requirements.\n– Problem: Tenant pods collocated causing noisy neighbor issues.\n– Why it helps: Use topology keys to direct tenant replicas across host groups.\n– What to measure: Tenant latency and node contention.\n– Typical tools: Kubernetes labels and scheduler constraints.<\/p>\n\n\n\n
7) Compliance-driven distribution\n– Context: Data residency and redundancy requirements.\n– Problem: Regulatory needs replicas across regions or racks.\n– Why it helps: Enforces placement across specific topology labels.\n– What to measure: Placement compliance and audit logs.\n– Typical tools: Policy-as-code and admission controls.<\/p>\n\n\n\n
8) Autoscaling resilience\n– Context: Rapid traffic increases causing autoscaling.\n– Problem: New replicas placed unevenly, burdening nodes.\n– Why it helps: Distributes newly created pods across nodes to avoid hotspots.\n– What to measure: New pod distribution and node utilization.\n– Typical tools: Cluster Autoscaler and scheduler metrics.<\/p>\n\n\n\n
9) Security isolation for critical workloads\n– Context: Critical microservices must avoid colocating with others.\n– Problem: Co-location increases attack surface.\n– Why it helps: Spread constraints combined with taints isolate critical services.\n– What to measure: Security incidents and placement adherence.\n– Typical tools: Admission controllers and policy engines.<\/p>\n\n\n\n
10) Legacy workload modernization\n– Context: Migrating monolith into microservices across zones.\n– Problem: Initial deployments concentrated in one topology.\n– Why it helps: Gradually enforce spread for safe migration.\n– What to measure: Service availability and skew during cutover.\n– Typical tools: GitOps and observability.<\/p>\n\n\n\n
\n\n\n\nScenario Examples (Realistic, End-to-End)<\/h2>\n\n\n\nScenario #1 \u2014 Kubernetes multi-AZ web service<\/h3>\n\n\n\n
Context:<\/strong> A customer-facing web service in a 3-AZ cluster.\nGoal:<\/strong> Ensure at least one replica per AZ and limit skew to 1.\nWhy Topology spread constraints matters here:<\/strong> Prevents all replicas landing in single AZ during AZ failure.\nArchitecture \/ workflow:<\/strong> Deployment with replicas: 9, topologySpreadConstraints with topologyKey=topology.kubernetes.io\/zone, maxSkew=1, whenUnsatisfiable=DoNotSchedule. PDB ensures minimal availability during maintenance.\nStep-by-step implementation:<\/strong> <\/p>\n\n\n\n\n- Label nodes with zone labels correctly.<\/li>\n
- Add topologySpreadConstraints to Deployment Pod template.<\/li>\n
- Configure PDB to allow safe maintenance.<\/li>\n
- Monitor replica counts per zone and pending pods.<\/li>\n
- Test with simulated AZ failure via chaos test.\nWhat to measure:<\/strong> Replica skew per zone, pending pods due to DoNotSchedule, time to restore.\nTools to use and why:<\/strong> Prometheus, kube-state-metrics, Grafana, chaos tool for failover.\nCommon pitfalls:<\/strong> DoNotSchedule blocks pods if capacity limited; autoscaler latency causes pending pods.\nValidation:<\/strong> Run zone failure simulation and confirm no service downtime and skew restored within target time.\nOutcome:<\/strong> Service remains available across AZs and recovers automatically.<\/li>\n<\/ol>\n\n\n\n
Scenario #2 \u2014 Serverless managed PaaS with placement controls<\/h3>\n\n\n\n
Context:<\/strong> Managed PaaS offering allows specifying placement affinity via annotations.\nGoal:<\/strong> Reduce correlated failures by allocating function instances across edge clusters or zones.\nWhy Topology spread constraints matters here:<\/strong> Even in managed environments, placement across domains reduces single-domain outages.\nArchitecture \/ workflow:<\/strong> Platform maps annotations into underlying Kubernetes topologySpreadConstraints or provider placement policies. The provider exposes a config to request spread across regions.\nStep-by-step implementation:<\/strong> <\/p>\n\n\n\n\n- Request placement profile in application manifest.<\/li>\n
- Platform validates and translates to topology keys.<\/li>\n
- Operator reviews mapping to provider topologies.<\/li>\n
- Deploy and measure instance distribution.\nWhat to measure:<\/strong> Instance skew across domains, invocation latency variance.\nTools to use and why:<\/strong> Provider metrics, platform logs, Prometheus if available.\nCommon pitfalls:<\/strong> Provider limitations may ignore hints; lack of direct control.\nValidation:<\/strong> Trigger region outage test and observe failover.\nOutcome:<\/strong> Functions continue to operate with reduced correlated failure risk.<\/li>\n<\/ol>\n\n\n\n
Scenario #3 \u2014 Incident response and postmortem for quorum loss<\/h3>\n\n\n\n
Context:<\/strong> A distributed DB loses quorum unexpectedly.\nGoal:<\/strong> Identify placement causes and fix distribution to prevent recurrence.\nWhy Topology spread constraints matters here:<\/strong> Misplacement caused too many replicas on same node group leading to correlated failure.\nArchitecture \/ workflow:<\/strong> Examine deployment topologySpreadConstraints, PDB, and node labels. Use tracing to correlate DB leader changes with node events.\nStep-by-step implementation:<\/strong> <\/p>\n\n\n\n\n- Run queries for pod placement at incident time.<\/li>\n
- Check scheduler events and pending pods.<\/li>\n
- Verify node failures or preemptions occurred.<\/li>\n
- Update topologySpreadConstraints and PDBs as corrective action.<\/li>\n
- Run postmortem and test changes in staging with chaos tests.\nWhat to measure:<\/strong> Time to quorum loss, number of replicas per topology at failure.\nTools to use and why:<\/strong> Scheduler logs, Prometheus, tracing, DB logs.\nCommon pitfalls:<\/strong> Missing historical metrics to correlate sequence of events.\nValidation:<\/strong> Confirm new placement prevents quorum loss under same failure scenario.\nOutcome:<\/strong> Root cause attributed to uneven placement; constraints updated and verified.<\/li>\n<\/ol>\n\n\n\n
Scenario #4 \u2014 Cost vs performance trade-off for spread constraints<\/h3>\n\n\n\n
Context:<\/strong> High-cost multi-AZ deployment with expensive cross-AZ networking.\nGoal:<\/strong> Balance cost and resilience by selectively applying spread to critical services.\nWhy Topology spread constraints matters here:<\/strong> Spreading every workload across AZs inflates cross-AZ costs; selective use optimizes trade-off.\nArchitecture \/ workflow:<\/strong> Tier services into critical and non-critical. Apply strict spread to critical; use ScheduleAnyway for non-critical. Monitor costs and performance.\nStep-by-step implementation:<\/strong> <\/p>\n\n\n\n\n- Classify services by criticality and cost impact.<\/li>\n
- Update manifests appropriately.<\/li>\n
- Run load tests to measure cross-AZ traffic and latency.<\/li>\n
- Monitor cost telemetry and performance metrics.\nWhat to measure:<\/strong> Cross-AZ network egress, replica skew, user latency.\nTools to use and why:<\/strong> Cost reporting tools, Prometheus, tracing.\nCommon pitfalls:<\/strong> Over-optimization reduces resilience unintentionally.\nValidation:<\/strong> Validate failover for critical services and acceptable degradation for non-critical ones.\nOutcome:<\/strong> Cost optimized while maintaining SLOs for critical services.<\/li>\n<\/ol>\n\n\n\n
\n\n\n\nCommon Mistakes, Anti-patterns, and Troubleshooting<\/h2>\n\n\n\n
List of mistakes with Symptom -> Root cause -> Fix (15\u201325 items)<\/p>\n\n\n\n
\n- Symptom: Pods Pending with Unschedulable reason -> Root cause: DoNotSchedule with not enough capacity -> Fix: Temporarily set ScheduleAnyway or add capacity.<\/li>\n
- Symptom: All replicas on one node -> Root cause: Missing topology node labels -> Fix: Apply consistent labels to nodes.<\/li>\n
- Symptom: High scheduler latency -> Root cause: Excessive constraints and high cluster size -> Fix: Simplify constraints or tune scheduler performance.<\/li>\n
- Symptom: PDB blocks maintenance -> Root cause: Strict PDB plus DoNotSchedule -> Fix: Adjust PDBs or maintenance windows.<\/li>\n
- Symptom: Quorum loss in DB -> Root cause: Replicas collocated on same topology -> Fix: Enforce stronger spread with anti-affinity.<\/li>\n
- Symptom: Excessive pod restarts after failure -> Root cause: Eviction storms due to mass rescheduling -> Fix: Stagger reschedules or add graceful draining.<\/li>\n
- Symptom: Canary not representative -> Root cause: Canary instances in a single topology -> Fix: Spread canary across domains.<\/li>\n
- Symptom: Unexpected placement in cloud provider -> Root cause: Provider overrides or mapping differences -> Fix: Validate provider topology mapping and labels.<\/li>\n
- Symptom: Observability gaps during incidents -> Root cause: No embed of topology metadata in traces -> Fix: Tag traces\/metrics with node\/zone metadata.<\/li>\n
- Symptom: Alerts too noisy -> Root cause: Too-sensitive thresholds or no suppression during autoscale -> Fix: Add grouping, suppression windows, and dedupe.<\/li>\n
- Symptom: Conflict between anti-affinity and spread -> Root cause: Contradictory Pod rules -> Fix: Reconcile rules or create exceptions.<\/li>\n
- Symptom: Scale-up creates uneven nodes -> Root cause: Autoscaler adds nodes in one pool only -> Fix: Configure autoscaler with balanced node pools and scale policies.<\/li>\n
- Symptom: Label drift over time -> Root cause: Automation or manual changes altering node labels -> Fix: Enforce labels via daemon or policy controller.<\/li>\n
- Symptom: Metrics cardinality explosion -> Root cause: Metrics per pod with high label set -> Fix: Aggregate metrics by topology key, drop high-cardinality labels.<\/li>\n
- Symptom: Misapplied constraints in CI -> Root cause: Incomplete manifests or templating issues -> Fix: Add linting and manifest validation to pipeline.<\/li>\n
- Symptom: Timing-sensitive imbalance -> Root cause: Slow autoscaler reaction -> Fix: Pre-warm capacity or predictive scaling.<\/li>\n
- Symptom: Rogue mutating webhook alters constraints -> Root cause: Webhook changing PodSpec labels -> Fix: Audit and restrict webhooks.<\/li>\n
- Symptom: Inconsistent behavior across clusters -> Root cause: Cluster version differences and scheduler flags -> Fix: Standardize cluster configurations.<\/li>\n
- Symptom: High network cost after spreading -> Root cause: Cross-AZ traffic increased by spreading stateful caches -> Fix: Selective spread and data locality considerations.<\/li>\n
- Symptom: Insufficient telemetry for postmortem -> Root cause: Lack of historical scheduler metrics -> Fix: Retain scheduler and pod placement metrics for relevant retention period.<\/li>\n
- Symptom: Overly complex policies -> Root cause: Mix of affinity, anti-affinity, taints and spread -> Fix: Simplify and document policy interactions.<\/li>\n
- Symptom: Security boundary breach due to placement -> Root cause: Over-tolerating taints and wide spread -> Fix: Combine spread with strict taints and node isolation.<\/li>\n
- Symptom: Unexpected cost spikes -> Root cause: Autoscaler scaling up to satisfy DoNotSchedule -> Fix: Monitor cost and tune autoscaler limits.<\/li>\n<\/ol>\n\n\n\n
Observability pitfalls (at least 5 included above):<\/p>\n\n\n\n