coredns: Enforce topologySpreadConstraints

2025-07-04 14:44:19 +03:00 · 2025-07-04 14:44:19 +03:00 · 6820d751ed
parent ce3c7b4ec5
commit 6820d751ed
2 changed files with 7 additions and 5 deletions
--- a/upup/models/cloudup/resources/addons/coredns.addons.k8s.io/k8s-1.12.yaml.template
+++ b/upup/models/cloudup/resources/addons/coredns.addons.k8s.io/k8s-1.12.yaml.template
@ -145,16 +145,18 @@ spec:
 {{ ToYAML .KubeDNS.Affinity | indent 8 }}
 {{- end }}
      topologySpreadConstraints:
+{{- if ne GetCloudProvider "metal" }}
+      # Metal provider doesn't add the "topology.kubernetes.io/zone" label
      - maxSkew: 1
        topologyKey: "topology.kubernetes.io/zone"
-        whenUnsatisfiable: ScheduleAnyway
+        whenUnsatisfiable: DoNotSchedule
        labelSelector:
          matchLabels:
            k8s-app: kube-dns
+{{- end }}
      - maxSkew: 1
        topologyKey: "kubernetes.io/hostname"
-        # Normally we use DoNotSchedule here, but because CoreDNS autoscales, we cannot guarantee this constraint can be satisfied
-        whenUnsatisfiable: ScheduleAnyway
+        whenUnsatisfiable: DoNotSchedule
        labelSelector:
          matchLabels:
            k8s-app: kube-dns
--- a/upup/models/cloudup/resources/addons/coredns.addons.k8s.io/values.yaml
+++ b/upup/models/cloudup/resources/addons/coredns.addons.k8s.io/values.yaml
@ -5,14 +5,14 @@ topologySpreadConstraints:
        app.kubernetes.io/instance: '{{ .Release.Name }}'
    topologyKey: topology.kubernetes.io/zone
    maxSkew: 1
-    whenUnsatisfiable: ScheduleAnyway
+    whenUnsatisfiable: DoNotSchedule
  - labelSelector:
      matchLabels:
        app.kubernetes.io/name: '{{ template "coredns.name" . }}'
        app.kubernetes.io/instance: '{{ .Release.Name }}'
    topologyKey: kubernetes.io/hostname
    maxSkew: 1
-    whenUnsatisfiable: ScheduleAnyway
+    whenUnsatisfiable: DoNotSchedule

 autoscaler:
  enabled: true