Required: Mark one of the following that is applicable:
[ ] kind/feature
[x] kind/improvement
[ ] kind/deprecation
[ ] kind/documentation
[ ] kind/clean-up
[ ] kind/bug
[ ] kind/other
Optional: Mark one or more of the following that are applicable:
[!important]
Critical security fixes should be marked with kind/security
Breaking changes should be marked kind/admin-change or kind/dev-change depending on type
[x] kind/admin-change
[x] kind/dev-change
[ ] kind/security
[ ] [kind/adr]()
Platform Administrator notice
The default topologySpreadConstraints for kube scheduler changed. You may want to review existing pod scheduling constraints that could now be redundant.
Application Developer notice
The default topologySpreadConstraints for kube scheduler changed. You may want to review existing pod scheduling constraints that could now be redundant.
Tested by verifying that after a kubespray run, /etc/kubernetes/kubescheduler-config.yaml has the added config and kube-scheduler starts without issue.
Launching a deployment with varying numbers of replicas result in pods evenly distributed across worker nodes with a skew of at most 1 when replicas are not evenly divisible by the number of nodes.
Screenshots
Checklist
[x] Proper commit message prefix on all commits
Change checks:
[x] The change is transparent
[ ] The change is disruptive
[ ] The change requires no migration steps
[x] The change requires migration steps
Metrics checks:
[ ] The metrics are still exposed and present in Grafana after the change
[ ] The metrics names didn't change (Grafana dashboards and Prometheus alerts are not affected)
[ ] The metrics names did change (Grafana dashboards and Prometheus alerts were fixed)
Logs checks:
[ ] The logs do not show any errors after the change
Network Policy checks:
[ ] Any changed pod is covered by Network Policies
[ ] The change does not cause any dropped packages in the NetworkPolicy Dashboard
Pod Security Policy checks:
[ ] Any changed pod is covered by Pod Security Admission
[ ] Any changed pod is covered by Gatekeeper Pod Security Policies
[ ] The change does not cause any pods to be blocked by Pod Security Admission or Policies
Falco checks:
[ ] The change does not cause any alerts to be generated by Falco
What kind of PR is this?
Required: Mark one of the following that is applicable:
Optional: Mark one or more of the following that are applicable:
Platform Administrator notice
The default
topologySpreadConstraintsfor kube scheduler changed. You may want to review existing pod scheduling constraints that could now be redundant.Application Developer notice
The default
topologySpreadConstraintsfor kube scheduler changed. You may want to review existing pod scheduling constraints that could now be redundant.What does this PR do / why do we need this PR?
We want to provide saner pod scheduling defaults.
Additional information to reviewers
Tested by verifying that after a kubespray run,
/etc/kubernetes/kubescheduler-config.yamlhas the added config andkube-schedulerstarts without issue. Launching adeploymentwith varying numbers of replicas result in pods evenly distributed across worker nodes with a skew of at most 1 when replicas are not evenly divisible by the number of nodes.Screenshots
Checklist
NetworkPolicy Dashboard