Taints and Tolerations in Kubernetes
Taints prevent Pods from being scheduled onto certain nodes unless those Pods tolerate the taint. It's a way to repel unwanted workloads.
Tolerations are the Pod's way of saying, "I'm okay with that taint."
Why Use Taints & Tolerations?
- Dedicate nodes for specific workloads (e.g., GPU jobs, system services)
- Prevent scheduling critical apps on generic nodes
- Enforce workload separation
How Taints Work
Taints are applied to nodes:
```
kubectl taint nodes <node-name> key=value:effect
```
Effects:
| Effect | Description |
|---|---|
| NoSchedule | Pod won't be scheduled unless it tolerates the taint |
| PreferNoSchedule | Tries to avoid, but not guaranteed |
| NoExecute | Evicts existing pods without toleration |
Example: Apply Taint
```
kubectl taint nodes node1 dedicated=gpu:NoSchedule
```
This means: only Pods with a matching toleration can be scheduled onto node1.
Example: Pod With Toleration
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: gpu-pod
spec:
  containers:
    - name: gpu-app
      image: busybox
      command: ["sleep", "3600"]
  tolerations:
    - key: "dedicated"
      operator: "Equal"
      value: "gpu"
      effect: "NoSchedule"
```
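To see which Pods the `dedicated=gpu:NoSchedule` taint actually keeps off node1, the matching rules can be modelled offline. This is an added example, not part of the original page: it generalises the `Equal` case above to the `Exists` operator and to empty key and effect fields, and the helper names and every Pod except gpu-pod are hypothetical. Because tolerations are written by whoever authors the Pod spec, the keyless `Exists` form is flagged separately: it tolerates every taint.

```python
# Added example: models the scheduler's toleration matching rules only
# (no other scheduling filters). All data is constructed and mirrors this page.
HARD_EFFECTS = {"NoSchedule", "NoExecute"}  # PreferNoSchedule never blocks

def tolerates(toleration, taint):
    """True if this one toleration matches this one taint."""
    effect = toleration.get("effect", "")
    if effect and effect != taint["effect"]:
        return False  # an empty effect matches every effect
    operator = toleration.get("operator", "Equal")  # Equal is the default
    key = toleration.get("key", "")
    if not key:  # an empty key with Exists matches every taint key
        return operator == "Exists"
    if key != taint["key"]:
        return False
    return operator == "Exists" or toleration.get("value", "") == taint.get("value", "")

def blocking_taints(tolerations, taints):
    """Hard-effect taints that no toleration matches; any one keeps the Pod off."""
    return [t for t in taints if t["effect"] in HARD_EFFECTS
            and not any(tolerates(tol, t) for tol in tolerations)]

def is_wildcard(toleration):
    """Keyless Exists toleration: matches any taint key and value."""
    return not toleration.get("key") and toleration.get("operator") == "Exists"

NODE1_TAINTS = [{"key": "dedicated", "value": "gpu", "effect": "NoSchedule"}]
GPU_TOL = {"key": "dedicated", "operator": "Equal", "value": "gpu", "effect": "NoSchedule"}
PODS = {  # hypothetical Pods, name -> spec.tolerations
    "gpu-pod": [GPU_TOL],
    "web-pod": [],
    "wrong-value": [dict(GPU_TOL, value="db")],
    "tolerate-all": [{"operator": "Exists"}],
}

def audit(pods, taints):
    """Map Pod name -> (schedulable on the node, has a wildcard toleration)."""
    return {name: (not blocking_taints(tols, taints), any(is_wildcard(t) for t in tols))
            for name, tols in pods.items()}

if __name__ == "__main__":
    for name, (ok, wild) in audit(PODS, NODE1_TAINTS).items():
        print(f"{name:13} schedulable={ok} wildcard={wild}")
```

Pods reported with a wildcard toleration are the ones to review first when tainted nodes are meant to stay dedicated.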
Remove Taint
```
kubectl taint nodes node1 dedicated=gpu:NoSchedule-
```
The `-` at the end removes the taint.
Use Cases
| Use Case | Taint Command Example |
|---|---|
| Reserve nodes for GPU apps | dedicated=gpu:NoSchedule |
| Evict Pods on node shutdown | key=value:NoExecute |
| Prefer node for a workload | key=value:PreferNoSchedule |
View Node Taints
```
kubectl describe node <node-name>
```
Look for the Taints: section in the output.
Summary
| Concept | Applied To | Purpose |
|---|---|---|
| Taint | Node | Repel unwanted Pods |
| Toleration | Pod | Allows Pod to schedule on tainted node |
- Taints repel pods
- Tolerations allow pods to be scheduled anyway
- Common for dedicated infrastructure, node pools, or eviction control