Challenge, Medium,  on  Kubernetes

Place One Pod per Node Without Using a DaemonSet

Omkar Shelke
by  Omkar Shelke

Scenario

You are working in the aws-ecr namespace on a Kubernetes cluster with two worker nodes.

An application must be deployed with three replicas, but the design requires that no more than one Pod runs on the same worker node — to spread the application across nodes for resilience.

A DaemonSet must not be used to achieve this behavior — DaemonSets are designed for a different use case (one pod per node automatically, tied to node lifecycle) and do not support replica counts or rolling update strategies the same way a Deployment does.

Task

  1. Create a Deployment named ecr-deployment with 3 replicas in the aws-ecr namespace
  2. Apply the following labels to the Deployment and Pod template:
    • app: ecr-app
    • tier: backend
  3. Configure the Deployment with two containers:
    • eks-container1 using image public.ecr.aws/docker/library/httpd:alpine
    • eks-container2 using image public.ecr.aws/eks-distro/kubernetes/pause:3.10.1
  4. Ensure no more than one Pod from this Deployment runs on the same worker node — use topologyKey: kubernetes.io/hostname to achieve this
  5. With 2 worker nodes and 3 replicas, the third Pod has nowhere to go. Verify the resulting scheduling behavior:
    • 2 Pods should be in the Running state
    • 1 Pod should remain in the Pending state
Hint 1 — Spreading Pods Across Nodes

Kubernetes provides Pod Anti-Affinity to control which nodes a Pod can or cannot be scheduled on relative to other Pods. To ensure no two Pods from the same Deployment land on the same node, use podAntiAffinity with requiredDuringSchedulingIgnoredDuringExecution.

The topologyKey: kubernetes.io/hostname tells the scheduler to treat each node as a separate topology domain — meaning Pods matching the labelSelector cannot share the same node.

spec:
  template:
    spec:
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchLabels:
                app: ecr-app
            topologyKey: kubernetes.io/hostname

Documentation

Hint 2 — Why the Third Pod Stays Pending

requiredDuringSchedulingIgnoredDuringExecution is a hard requirement — the scheduler will not place a Pod on a node if doing so violates the anti-affinity rule, even if no other node has room. With 2 worker nodes and replicas: 3, the third Pod has no valid node left and will remain Pending indefinitely. This is expected behavior, not a misconfiguration.

kubectl get pods -n aws-ecr -o wide
kubectl describe pod -n aws-ecr -l app=ecr-app | grep -A5 Events

The FailedScheduling event on the pending Pod will explicitly mention the anti-affinity constraint as the reason no node was available.

Documentation

Test Cases

How to Author Challenges on iximiuz Labs

Instead of providing a subpar online editing experience, iximiuz Labs offers a helper CLI tool called labctl, allowing you to use your favorite text editor (or a full-featured IDE) to write content from the comfort of your local machine.

Install labctl CLI

curl -sf https://labs.iximiuz.com/cli/install.sh | sh

This will download and install the latest version of the labctl CLI. You only need to do this once per workstation.

Authorize labctl

labctl auth login

This will open a browser window asking you to authorize labctl to access your account. You need to do it after a fresh install of labctl and repeat it whenever the auth session expires.

Pull challenge content

labctl content pull challenge place-one-pod-per-node-without-using-a-daemonSet-a8580f90

This will create a local copy of the challenge content in a directory named place-one-pod-per-node-without-using-a-daemonSet-a8580f90. You only need to do this once per challenge.

Stream your changes

labctl content push -fw challenge place-one-pod-per-node-without-using-a-daemonSet-a8580f90

Run this command in a separate terminal to continuously upload your changes to the server while editing the challenge in your favorite text editor or IDE.

You can also use labctl to create, list, and delete your content. Learn more about the available commands: labctl content --help

Start challenge