💡 Big News! 🧙 AI Wizard - Instant Page Insights is Here : Explore Smarter, Friendlier Solutions Just for You →
Kubernetes
CKAD
Taintstoleration

✅ Summary Table: Taints vs Tolerations

ConceptNode Setting (Taint)Pod Setting (Toleration)
Taintskubectl taint nodes <node> <key>=<value>:<effect>❌ Not defined in pod spec (repels pods unless tolerated)
Tolerations❌ Not applicable (defined in pods only)tolerations: - key, value, effect, operator in pod spec

🧠 What Are Taints and Tolerations?

  • Taints: Mark nodes to repel pods unless those pods have the matching toleration.
  • Tolerations: Pods use tolerations to "tolerate" the taint and be scheduled on tainted nodes.

🔷 1. Taint on Node

This command taints a node to only accept pods with the key dedicated=ml:

kubectl taint nodes node1 dedicated=ml:NoSchedule

⛔️ Any pod without a matching toleration will not be scheduled on node1.

🔷 2. Toleration in Pod

▶ Example Pod with Matching Toleration

apiVersion: v1
kind: Pod
metadata:
  name: ml-pod
spec:
  tolerations:
  - key: "dedicated"
    operator: "Equal"
    value: "ml"
    effect: "NoSchedule"
  containers:
  - name: ml-container
    image: tensorflow/tensorflow

✅ Result: This pod can be scheduled on the tainted node.

▶ Example Pod Without Toleration

apiVersion: v1
kind: Pod
metadata:
  name: generic-pod
spec:
  containers:
  - name: app
    image: nginx

⛔️ Result: This pod cannot be scheduled on the node tainted with dedicated=ml:NoSchedule.

🔁 Types of Taint Effects

EffectDescription
NoScheduleDo not allow scheduling unless pod has matching toleration
PreferNoScheduleTry to avoid scheduling unless tolerated (soft rule)
NoExecuteEvict already running pods unless tolerated

🧪 NoExecute Taint Example (Evicts Pods)

Taint the node:

kubectl taint nodes node1 key1=value1:NoExecute

Toleration with tolerationSeconds (only tolerate for 60s)

apiVersion: v1
kind: Pod
metadata:
  name: toleration-pod
spec:
  tolerations:
  - key: "key1"
    operator: "Equal"
    value: "value1"
    effect: "NoExecute"
    tolerationSeconds: 60
  containers:
  - name: app
    image: nginx

✅ Result: Pod can run on the node but will be evicted after 60s if taint is not removed.

🧩 Summary Comparison

FeatureTaints (Node)Tolerations (Pod)
Defined OnNodePod
PurposeRepel certain podsAllow pods to tolerate taints
Required Fieldskey=value:effectkey, operator, value, effect (optionally tolerationSeconds)
Effect TypesNoSchedule, PreferNoSchedule, NoExecuteMust match effect to tolerate
Default BehaviorPods are repelled by defaultPods must explicitly tolerate taints
ResourcelimitrequestquotaInfo
🧙 AI Wizard - Instant Page Insights

Click the button below to analyze this page.
Get an AI-generated summary and key insights in seconds.
Powered by Perplexity AI!