@shinyaz

topologySpreadConstraints needs zone spread, not just hostname

1 min read
#kubernetes#aws#eks

While reviewing AWS EKS upgrade best practices, I realized I'd been setting topologySpreadConstraints with only kubernetes.io/hostname and calling it a day. Without topology.kubernetes.io/zone, all pods can land in the same AZ on different nodes — surviving node failure but not AZ failure.

Adding both constraints ensures cross-AZ and cross-node distribution:

topologySpreadConstraints:
- maxSkew: 1
  topologyKey: kubernetes.io/hostname
  whenUnsatisfiable: DoNotSchedule
  labelSelector:
    matchLabels:
      app: myapp
- maxSkew: 1
  topologyKey: topology.kubernetes.io/zone
  whenUnsatisfiable: DoNotSchedule
  labelSelector:
    matchLabels:
      app: myapp

Tested on an EKS Auto Mode cluster — 3 pods spread across ap-northeast-1a, 1c, and 1d. With hostname only, they'd sometimes cluster in a single AZ on different nodes. For production workloads, always set both.

Share this post

Shinya Tahara

Shinya Tahara

Solutions Architect @ AWS

I'm a Solutions Architect at AWS, providing technical guidance primarily to financial industry customers. I share learnings about cloud architecture and AI/ML on this blog.

Read more