hustshawn/k8s-pod-zone-awareness

Kubernetes Zone Awareness with Kyverno

This repository contains a Kyverno policy that automatically injects Availability Zone (AZ) information into Kubernetes pods as environment variables.

Overview

The Kyverno mutating webhook automatically adds the AVAILABILITY_ZONE environment variable to all containers in pods, making zone information available to applications without requiring any code changes.

Files

  • az-env-injector-final.yaml: Kyverno policy that injects the AZ information as an environment variable
    • Includes ServiceAccount, ClusterRole, and ClusterRoleBinding for RBAC permissions
    • Contains the ClusterPolicy for pod mutation
  • test-nginx-deployment.yaml: Sample nginx deployment for testing

How It Works

The policy works in two steps:

  1. Init Container: Fetches the availability zone information

    • Gets the node name where the pod is scheduled
    • Queries the node for its availability zone using the topology.kubernetes.io/zone label
    • Adds this information as an annotation to the pod
    • Uses a dedicated ServiceAccount with appropriate RBAC permissions
  2. Environment Variable Injection:

    • Adds the AVAILABILITY_ZONE environment variable to all containers
    • References the pod annotation value

This approach:

  • Directly exposes the zone information as an environment variable
  • Works across all workload types (including pods created by Deployments, StatefulSets, DaemonSets, etc.)
  • Requires no changes to application code
  • Gives each pod its own AZ information based on where it is scheduled
  • Properly handles RBAC permissions for accessing node information

Installation

  1. Install Kyverno:

       kubectl create -f https://github.com/kyverno/kyverno/releases/download/v1.10.0/install.yaml

  2. Apply the policy:

       kubectl apply -f az-env-injector-final.yaml

Testing

With a Deployment

  1. Deploy the test deployment:

       kubectl apply -f test-nginx-deployment.yaml

  2. Verify the environment variable is set in each pod:

       # Get all pod names from the deployment
       kubectl get pods -l app=nginx-test

       # Check environment variable in each pod
       kubectl exec -it <pod-name> -- env | grep AVAILABILITY_ZONE

Expected output:

AVAILABILITY_ZONE=us-east-1a
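
The manual check above, automated as an added example (not part of this repository): for every pod matching a label selector, it compares the injected AVAILABILITY_ZONE with the topology.kubernetes.io/zone label on the node the pod runs on. The function names are hypothetical, and only each pod's default container is inspected.

```shell
#!/bin/sh
# Added example, not from the repository. Function names are hypothetical.

# Print the topology.kubernetes.io/zone label of node $1.
zone_of_node() {
  kubectl get node "$1" \
    -o jsonpath='{.metadata.labels.topology\.kubernetes\.io/zone}'
}

# Print AVAILABILITY_ZONE as seen inside pod $2 (default container) in namespace $1.
zone_in_pod() {
  kubectl exec -n "$1" "$2" -- env </dev/null 2>/dev/null |
    tr -d '\r' | sed -n 's/^AVAILABILITY_ZONE=//p'
}

# check_zone_injection NAMESPACE SELECTOR
# Prints one status line per pod and returns non-zero if any pod is
# unscheduled, lacks the variable, or disagrees with its node's label.
check_zone_injection() {
  local ns="$1" selector="$2" failed=0 pods pod node expected actual
  pods="$(kubectl get pods -n "$ns" -l "$selector" -o \
    jsonpath='{range .items[*]}{.metadata.name}{" "}{.spec.nodeName}{"\n"}{end}')"
  while read -r pod node; do
    [ -n "$pod" ] || continue
    if [ -z "$node" ]; then
      echo "PENDING  $pod (not scheduled yet)"; failed=1; continue
    fi
    expected="$(zone_of_node "$node")"
    actual="$(zone_in_pod "$ns" "$pod")"
    if [ -z "$actual" ]; then
      echo "MISSING  $pod on $node (node label: $expected)"; failed=1
    elif [ "$actual" != "$expected" ]; then
      echo "MISMATCH $pod on $node: env=$actual label=$expected"; failed=1
    else
      echo "OK       $pod on $node: $actual"
    fi
  done <<EOF
$pods
EOF
  return "$failed"
}

# Usage against the page's test deployment:
#   check_zone_injection default app=nginx-test
```

A non-zero exit status makes the function usable as a post-deployment gate in CI.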

Requirements

  • Kubernetes cluster with Kyverno installed
  • The topology.kubernetes.io/zone label must be set on nodes
    • For EKS clusters, this label is automatically set
    • For other clusters, ensure the label is properly configured

Customization

If you need to modify how the zone information is obtained or used:

  • Edit the init container script in az-env-injector-final.yaml to change how the zone is fetched
  • Modify the environment variable name if you need a different variable name than AVAILABILITY_ZONE
