☑️ Prevent pods from becoming unschedulable

PodTopologySpread allows defining the spreading constraints for workloads with a flexible and expressive Pod-level API. It includes a few settings, some of which are:

maxSkew - describes the maximum degree to which Pods can be unevenly distributed across nodes/zones/etc.
whenUnsatisfiable tells the scheduler how to deal with a Pod if it doesn't satisfy the spread constraints; whether to schedule it or not. In practice, it specifies what action should be taken when maxSkew can't be satisfied.

Setting whenUnsatisfiable to DoNotSchedule will cause pods to be “unschedulable” if the topology spread constraint can't be fulfilled. It should only be set if it's preferable for pods to not run instead of violating the topology spread constraint.

Targeted objects by this rule (types of kind): Deployment / Pod / DaemonSet / StatefulSet / ReplicaSet / CronJob / Job

Complexity: easy (What does this mean?)

Policy as code identifier: EKS_INVALID_VALUE_DONOOTSCHEDULE

This rule will fail

If whenUnsatisfiable is set to DoNotSchedule:

spec:
  topologySpreadConstraints:
  - maxSkew: 1
    topologyKey: zone
    whenUnsatisfiable: DoNotSchedule
    labelSelector:
      matchLabels:
        app: foo

Rule output in the CLI

$ datree test *.yaml

>> File: failExample.yaml
❌ Prevent pods from becoming unschedulable [1 occurrence]
💡 Incorrect value for key `whenUnsatisfiable` - use a different value to ensure your pod does not become unschedulable

How to fix this failure

spec:
  topologySpreadConstraints:
  - maxSkew: 1
    topologyKey: zone
    whenUnsatisfiable: ScheduleAnyway
    labelSelector: 
      matchLabels:
        app: foo

EKS best practices

This rule will fail​

Rule output in the CLI​

How to fix this failure​

Read more​

This rule will fail

Rule output in the CLI

How to fix this failure

Read more