diff --git a/ansible/roles/antivirus_check_service/templates/scanfile-deployment.yml.j2 b/ansible/roles/antivirus_check_service/templates/scanfile-deployment.yml.j2
index 1ee780b..307a2cc 100644
--- a/ansible/roles/antivirus_check_service/templates/scanfile-deployment.yml.j2
+++ b/ansible/roles/antivirus_check_service/templates/scanfile-deployment.yml.j2
@@ -66,3 +66,40 @@ spec:
       volumes:
       - name: shared
         emptyDir: {}
+{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %}
+      affinity:
+        podAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 9
+            podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                - key: app.kubernetes.io/part-of
+                  operator: In
+                  values:
+                  - schulcloud-verbund
+              topologyKey: "kubernetes.io/hostname"
+              namespaceSelector: {}
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+{% if ANIT_AFFINITY_NODEPOOL_ENABLE is defined and ANIT_AFFINITY_NODEPOOL_ENABLE|bool %}
+          - weight: 10
+            podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                - key: app.kubernetes.io/name
+                  operator: In
+                  values:
+                  - scanfile
+              topologyKey: {{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY }}
+{% endif %}
+          - weight: 20
+            podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                - key: app.kubernetes.io/name
+                  operator: In
+                  values:
+                  - scanfile
+              topologyKey: "topology.kubernetes.io/zone"
+{% endif %}
diff --git a/ansible/roles/antivirus_check_service/templates/web-deployment.yml.j2 b/ansible/roles/antivirus_check_service/templates/web-deployment.yml.j2
index 8c3f602..421f8e9 100644
--- a/ansible/roles/antivirus_check_service/templates/web-deployment.yml.j2
+++ b/ansible/roles/antivirus_check_service/templates/web-deployment.yml.j2
@@ -63,3 +63,40 @@ spec:
           requests:
             cpu: {{ ANTIVIRUS_WEBSERVER_CPU_REQUESTS|default("100m", true) }}
             memory: {{ ANTIVIRUS_WEBSERVER_MEMORY_REQUESTS|default("128Mi", true) }}
+{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %}
+      affinity:
+        podAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 9
+            podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                - key: app.kubernetes.io/part-of
+                  operator: In
+                  values:
+                  - schulcloud-verbund
+              topologyKey: "kubernetes.io/hostname"
+              namespaceSelector: {}
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+{% if ANIT_AFFINITY_NODEPOOL_ENABLE is defined and ANIT_AFFINITY_NODEPOOL_ENABLE|bool %}
+          - weight: 10
+            podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                - key: app.kubernetes.io/name
+                  operator: In
+                  values:
+                  - webserver
+              topologyKey: {{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY }}
+{% endif %}
+          - weight: 20
+            podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                - key: app.kubernetes.io/name
+                  operator: In
+                  values:
+                  - webserver
+              topologyKey: "topology.kubernetes.io/zone"
+{% endif %}