diff --git a/k8s/awoooi-prod/05-deployment-web.yaml b/k8s/awoooi-prod/05-deployment-web.yaml index 640274d2..80cc9ed7 100644 --- a/k8s/awoooi-prod/05-deployment-web.yaml +++ b/k8s/awoooi-prod/05-deployment-web.yaml @@ -33,6 +33,16 @@ spec: system: awoooi environment: prod spec: + # 2026-06-13 Codex: 明確偏好跨 120 / 121 分散,但不在單節點維護時卡死 rollout。 + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app: awoooi-web + environment: prod + system: awoooi containers: - name: web # 映像標籤由 CI/CD 動態注入 (格式: {sha}-{run_id}) diff --git a/k8s/awoooi-prod/06-deployment-api.yaml b/k8s/awoooi-prod/06-deployment-api.yaml index d6f155ce..9f8a12eb 100644 --- a/k8s/awoooi-prod/06-deployment-api.yaml +++ b/k8s/awoooi-prod/06-deployment-api.yaml @@ -35,6 +35,16 @@ spec: system: awoooi environment: prod spec: + # 2026-06-13 Codex: 明確偏好跨 120 / 121 分散,但不在單節點維護時卡死 rollout。 + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app: awoooi-api + environment: prod + system: awoooi # Phase 7: 使用 RBAC ServiceAccount (最小權限) serviceAccountName: awoooi-executor automountServiceAccountToken: true diff --git a/k8s/awoooi-prod/08-deployment-worker.yaml b/k8s/awoooi-prod/08-deployment-worker.yaml index d8f2ad53..ea117d33 100644 --- a/k8s/awoooi-prod/08-deployment-worker.yaml +++ b/k8s/awoooi-prod/08-deployment-worker.yaml @@ -41,6 +41,16 @@ spec: environment: prod component: signal-processor spec: + # 2026-06-13 Codex: Worker 目前 min=1,但 HPA 擴到多副本時優先跨節點分散。 + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app: awoooi-worker + environment: prod + system: awoooi # ADR-038/039: Graceful Shutdown (Worker 需要 75 秒完成清理) serviceAccountName: awoooi-executor automountServiceAccountToken: true