Spread Pods Across Nodes & Zones

 1apiVersion: kyverno.io/v1
 2kind: ClusterPolicy
 3metadata:
 4  name: topologyspreadconstraints-policy
 5  annotations:
 6    kyverno.io/kubernetes-version: "1.22-1.23"
 7    kyverno.io/kyverno-version: 1.8.0
 8    policies.kyverno.io/category: Sample
 9    policies.kyverno.io/description: >-
10      Deployments to a Kubernetes cluster with multiple availability zones often need to
11      distribute those replicas to align with those zones to ensure site-level failures
12      do not impact availability. This policy ensures topologySpreadConstraints are defined, 
13      to spread pods over nodes and zones. Deployments or Statefulsets with leass than 3 
14      replicas are skipped.      
15    policies.kyverno.io/minversion: 1.8.0
16    policies.kyverno.io/severity: medium
17    policies.kyverno.io/subject: Deployment, StatefulSet
18    policies.kyverno.io/title: Spread Pods Across Nodes & Zones
19spec:
20  background: true
21  failurePolicy: Ignore
22  validationFailureAction: audit
23  rules:
24    - name: spread-pods
25      match:
26        any:
27          - resources:
28              kinds:
29                - Deployment
30                - StatefulSet
31      preconditions:
32        all:
33          - key: "{{ request.object.spec.replicas }}"
34            operator: GreaterThanOrEquals
35            value: 3
36      validate:
37        message: "topologySpreadConstraint for kubernetes.io/hostname & topology.kubernetes.io/zone are required"
38        deny:
39          conditions:
40            any:
41              - key: "{{request.object.spec.template.spec.topologySpreadConstraints[?topologyKey=='kubernetes.io/hostname' || topologyKey=='topology.kubernetes.io/zone'] || `[]` | length(@) }}"
42                operator: NotEquals
43                value: 2