Scheduling: Taints & Tolerations
Key Takeaways for AI & Readers
- Node Repulsion: Taints allow nodes to repel Pods that do not specifically "tolerate" the taint.
- Pod Permission: Tolerations allow Pods to be scheduled on nodes with matching taints, though they do not guarantee it.
- Isolation Use Cases: Common patterns include isolating specialized hardware (GPUs) or protecting Control Plane nodes from user workloads.
- Node Maintenance: Taints are essential for marking nodes as "off-limits" during maintenance or drainage operations.
Kubernetes Scheduling is about finding the right node for a Pod. One mechanism for this is Taints and Tolerations.
- Taint: Applied to a Node. It says "Do not schedule anything here unless it has a special key."
- Toleration: Applied to a Pod. It says "I have the key! I am allowed to schedule here."
Interactive Scheduling
Try scheduling different types of Pods and see where they land.
Observe: Standard Pods will ONLY go to Node 1. Blue Pods can go to Node 1 OR Node 2. Red Pods can go to Node 1 OR Node 3.
Use Cases
- Dedicated Hardware: Taint a node with GPUs so that only Pods that need GPUs (and have the toleration) schedule there.
- Node Maintenance: Before maintenance, you can add a NoSchedule taint to drain the node.
- Master/Control Plane: Control plane nodes usually have a taint so that user workloads don't accidentally run on them.
YAML Example
Node Taint
kubectl taint nodes node1 app=blue:NoSchedule
Pod Toleration
apiVersion: v1
kind: Pod
metadata:
  name: blue-pod
spec:
  # Matches the app=blue:NoSchedule taint applied to node1 above
  tolerations:
  - key: "app"
    operator: "Equal"
    value: "blue"
    effect: "NoSchedule"
  containers:
  - name: nginx
    image: nginx
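
The matching rules behind the taint and toleration above, as an added Python example (not code from the original page or from Kubernetes itself): it evaluates tolerations against NoSchedule taints for a three-node layout like the one in the interactive section, and flags tolerations that match any taint. The node taints, pod names and the wildcard toleration are constructed sample data.

```python
# Added example: how a toleration is matched against a taint, and which
# nodes a pod may land on. All node and pod data below is constructed.

def tolerates(toleration, taint):
    """Return True if one toleration matches one taint."""
    op = toleration.get("operator", "Equal")       # Equal is the default operator
    key = toleration.get("key", "")
    effect = toleration.get("effect", "")
    if effect and effect != taint["effect"]:       # empty effect matches any effect
        return False
    if key and key != taint["key"]:                # empty key is only valid with Exists
        return False
    if op == "Exists":                             # Exists ignores the taint's value
        return True
    return op == "Equal" and toleration.get("value", "") == taint.get("value", "")

def schedulable_nodes(pod_tolerations, nodes):
    """Names of nodes whose NoSchedule taints are all tolerated by the pod."""
    return [name for name, taints in nodes.items()
            if all(any(tolerates(tol, t) for tol in pod_tolerations)
                   for t in taints if t["effect"] == "NoSchedule")]

def overly_broad(pod_tolerations):
    """Tolerations with operator Exists and no key: they match every taint."""
    return [t for t in pod_tolerations
            if t.get("operator") == "Exists" and not t.get("key")]

# Constructed cluster: one untainted node, one "blue" node, one "red" node.
NODES = {
    "node1": [],
    "node2": [{"key": "app", "value": "blue", "effect": "NoSchedule"}],
    "node3": [{"key": "app", "value": "red", "effect": "NoSchedule"}],
}
PODS = {
    "standard": [],
    "blue": [{"key": "app", "operator": "Equal", "value": "blue", "effect": "NoSchedule"}],
    "red": [{"key": "app", "operator": "Equal", "value": "red", "effect": "NoSchedule"}],
    "wildcard": [{"operator": "Exists"}],          # tolerates every taint
}

if __name__ == "__main__":
    for name, tols in PODS.items():
        flag = "  <-- wildcard toleration" if overly_broad(tols) else ""
        print(f"{name:9} -> {schedulable_nodes(tols, NODES)}{flag}")
```

The wildcard pod is schedulable on all three nodes, so a taint only isolates a node from Pods that do not carry a matching toleration; reviewing Pod specs for key-less Exists tolerations is a useful check on dedicated or control plane nodes.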