Understanding Kubernetes: Part 24 Taints and Tolerations
📢 If you’ve been following our Kubernetes series 2025, welcome back! For new readers, check out Part 23 Node Selector
What is a Taint?
A taint is a property applied to a node that prevents Pods from being scheduled on it unless they have a matching toleration.
What is a Toleration?
A toleration is a property set in a Pod specification that allows the Pod to be scheduled on a tainted node.
Use Cases
Taints and Tolerations are useful in various scenarios:
1. Dedicated Nodes for Specific Workloads
Running GPU workloads only on specialized GPU nodes.
Ensuring that high-priority applications run on high-performance nodes.
2. Isolation of Workloads
Keeping test workloads separate from production environments.
Running database workloads on dedicated nodes.
3. Preventing Scheduling on Faulty or Maintenance Nodes
Marking nodes as unschedulable during planned maintenance.
Isolating nodes that experience hardware or software failures.
Taint Syntax
A taint is applied to a node using the following command:
kubectl taint nodes <node-name> <key>=<value>:<effect>Where:
<key>: Identifier for the taint (e.g.,environment)<value>: A descriptive value (e.g.,test)<effect>: Defines how the taint behaves:NoSchedule: Prevents scheduling unless the Pod has a matching toleration.PreferNoSchedule: Avoids scheduling if possible but allows it if no other options exist.NoExecute: Evicts existing Pods that don't tolerate the taint.
Example: Applying a Taint
To dedicate a node for database workloads:
kubectl taint nodes node-1 dedicated=db:NoScheduleThis ensures that only Pods with a matching toleration can be scheduled on node-1.
Tolerations in Pod Definition
To allow a Pod to run on a tainted node, we add a toleration in its YAML configuration.
Example: Toleration for a Database Pod
apiVersion: v1
kind: Pod
metadata:
name: db-pod
spec:
tolerations:
- key: "dedicated"
operator: "Equal"
value: "db"
effect: "NoSchedule"
containers:
- name: postgres
image: postgresThis Pod can be scheduled on the node node-1, which was tainted with dedicated=db:NoSchedule.
Removing Taints and Tolerations
If you need to remove a taint from a node, run:
kubectl taint nodes node-1 dedicated=db:NoSchedule-The - at the end removes the taint.
Tolerations are part of a Pod definition, and removing them from the Pod specification means it will no longer tolerate tainted nodes.
In My Previous Role
As a Senior DevOps Engineer, I used Kubernetes taints to optimize workload placement and resource utilization.
GPU Workloads: Applied taints on GPU nodes to ensure that only ML/AI workloads could be scheduled on them, preventing other workloads from consuming GPU resources.
High-Performance Nodes: Used taints to reserve high-memory and high-CPU nodes for critical applications, ensuring they had dedicated resources.
Node Maintenance: Applied NoExecute taints to nodes undergoing updates, ensuring that existing workloads were gracefully evicted and rescheduled on healthy nodes.
🚀 Ready to Master Kubernetes?
Take your Kubernetes journey to the next level with the Master Kubernetes: Zero to Hero course! 🌟 Whether you’re a beginner or aiming to sharpen your skills, this hands-on course covers:
✅ Kubernetes Basics — Grasp essential concepts like nodes, pods, and services. ✅ Advanced Scaling — Learn HPA, VPA, and resource optimization. ✅ Monitoring Tools — Master Prometheus, Grafana, and AlertManager. ✅ Real-World Scenarios — Build production-ready Kubernetes setups.
🎓 What You’ll Achieve
💡 Confidently deploy and manage Kubernetes clusters. 🛡️ Secure applications with ConfigMaps and Secrets. 📈 Optimize and monitor resources for peak performance.
🔥 Start Learning Now: [Join the Master Kubernetes Course](https://cloudops0.gumroad.com/l/k8s)
Don’t miss your chance to become a Kubernetes expert! 💻✨
🚀 Stay ahead in DevOps and SRE! 🔔 Subscribe now and never miss a beat on Kubernetes and more. 🌟
🚀 Master Terraform: Infrastructure as Code
🔥 Start Learning Now: Join the Master Terraform Course
Last updated