
Understanding Kubernetes: Part 24 Taints and Tolerations


Last updated 3 months ago


📢 If you’ve been following our Kubernetes series 2025, welcome back! For new readers, check out

What is a Taint?

A taint is a property applied to a node that prevents Pods from being scheduled on it unless they have a matching toleration.

What is a Toleration?

A toleration is a property set in a Pod specification that allows the Pod to be scheduled on a tainted node.


Use Cases

Taints and Tolerations are useful in various scenarios:

1. Dedicated Nodes for Specific Workloads

  • Running GPU workloads only on specialized GPU nodes.

  • Ensuring that high-priority applications run on high-performance nodes.

2. Isolation of Workloads

  • Keeping test workloads separate from production environments.

  • Running database workloads on dedicated nodes.

3. Preventing Scheduling on Faulty or Maintenance Nodes

  • Marking nodes as unschedulable during planned maintenance.

  • Isolating nodes that experience hardware or software failures.


Taint Syntax

A taint is applied to a node using the following command:

kubectl taint nodes <node-name> <key>=<value>:<effect>

Where:

  • <key>: Identifier for the taint (e.g., environment)

  • <value>: A descriptive value (e.g., test)

  • <effect>: Defines how the taint behaves:

    • NoSchedule: Prevents scheduling unless the Pod has a matching toleration.

    • PreferNoSchedule: Avoids scheduling if possible but allows it if no other options exist.

    • NoExecute: Evicts existing Pods that don't tolerate the taint.

Example: Applying a Taint

To dedicate a node for database workloads:

kubectl taint nodes node-1 dedicated=db:NoSchedule

This ensures that only Pods with a matching toleration can be scheduled on node-1.

Tolerations in Pod Definition

To allow a Pod to run on a tainted node, we add a toleration in its YAML configuration.

Example: Toleration for a Database Pod

apiVersion: v1
kind: Pod
metadata:
  name: db-pod
spec:
  tolerations:
    - key: "dedicated"
      operator: "Equal"
      value: "db"
      effect: "NoSchedule"
  containers:
    - name: postgres
      image: postgres

This Pod can be scheduled on the node node-1, which was tainted with dedicated=db:NoSchedule.
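
The matching rules above, as an added example (not code from the original post or from Kubernetes itself): a small Python model of how tolerations are compared against node taints. It shows that the toleration permits db-pod on node-1 without pinning it there, and that a key-less Exists toleration tolerates every taint, which is worth flagging when reviewing Pod specs. The function names, node-2, node-3 and the two extra Pods are constructed for illustration.

```python
# Added example: a model of toleration/taint matching, not Kubernetes source code.
HARD_EFFECTS = {"NoSchedule", "NoExecute"}  # PreferNoSchedule is only a soft preference

def tolerates(tol, taint):
    """True if one toleration matches one taint."""
    if tol.get("effect") and tol["effect"] != taint["effect"]:
        return False  # an empty effect on the toleration matches every effect
    if tol.get("key") and tol["key"] != taint["key"]:
        return False  # an empty key matches every key (valid only with Exists)
    op = tol.get("operator", "Equal")  # Equal is the default operator
    if op == "Exists":
        return True
    return op == "Equal" and tol.get("value", "") == taint.get("value", "")

def can_schedule(tolerations, taints):
    """A node is eligible when every hard taint has a matching toleration."""
    return all(any(tolerates(tol, t) for tol in tolerations)
               for t in taints if t["effect"] in HARD_EFFECTS)

def eligible_nodes(tolerations, nodes):
    """Names of the nodes whose hard taints the tolerations all cover."""
    return sorted(n for n, taints in nodes.items() if can_schedule(tolerations, taints))

def is_blanket(tol):
    """A key-less Exists toleration tolerates every taint on every node."""
    return not tol.get("key") and tol.get("operator") == "Exists"

# node-1 and DB_POD come from the page; the other nodes and Pods are constructed.
NODES = {
    "node-1": [{"key": "dedicated", "value": "db", "effect": "NoSchedule"}],
    "node-2": [],  # untainted general-purpose node
    "node-3": [{"key": "environment", "value": "test", "effect": "NoSchedule"}],
}
DB_POD = [{"key": "dedicated", "operator": "Equal", "value": "db", "effect": "NoSchedule"}]
PLAIN_POD = []                        # no tolerations at all
BLANKET_POD = [{"operator": "Exists"}]  # tolerates everything

if __name__ == "__main__":
    for name, tols in (("db", DB_POD), ("plain", PLAIN_POD), ("blanket", BLANKET_POD)):
        flagged = any(is_blanket(t) for t in tols)
        print(f"{name}: eligible={eligible_nodes(tols, NODES)} blanket={flagged}")
```

If db-pod must run only on node-1, the toleration has to be paired with a node selector or node affinity, since the taint only keeps other Pods off the node.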


Removing Taints and Tolerations

If you need to remove a taint from a node, run:

kubectl taint nodes node-1 dedicated=db:NoSchedule-

The - at the end removes the taint.

Tolerations are part of a Pod definition, and removing them from the Pod specification means it will no longer tolerate tainted nodes.


In My Previous Role

As a Senior DevOps Engineer, I used Kubernetes taints to optimize workload placement and resource utilization.

  • GPU Workloads: Applied taints on GPU nodes to ensure that only ML/AI workloads could be scheduled on them, preventing other workloads from consuming GPU resources.

  • High-Performance Nodes: Used taints to reserve high-memory and high-CPU nodes for critical applications, ensuring they had dedicated resources.

  • Node Maintenance: Applied NoExecute taints to nodes undergoing updates, ensuring that existing workloads were gracefully evicted and rescheduled on healthy nodes.
