Node Taints

Mark a node so that pods are not scheduled onto it unless they tolerate the taint.

Taints are a way of marking a node so that pods are not scheduled onto it unless they explicitly tolerate the taint. This can be useful for various purposes, such as ensuring that certain nodes are reserved for specific types of workloads, or to isolate nodes for maintenance or other operational reasons.

How Taints Work:

  • Taint on Node: A taint on a node places a condition that prevents pods from being scheduled on that node, unless the pod has a matching toleration.
  • Syntax of a Taint: A taint consists of a key, value, and effect. The effect dictates what happens to pods that do not tolerate the taint.
    • For example, key=value:effect.

Effects of Taints:

  • NoSchedule: Pods that do not tolerate this taint are not scheduled on the node.
  • PreferNoSchedule: Kubernetes will try to avoid placing a pod that doesn’t tolerate the taint on the node, but it is not guaranteed.
  • NoExecute: Any pod that does not tolerate this taint is evicted from the node if it is already running on the node, and it is not scheduled on the node in the future.

Example usage:

  • Key-Value Pair: The key-value pair (app=web-app) is chosen to specifically relate to a web application. This makes it clear that the taint is associated with the web application nodes.
  • Effect (NoSchedule): The effect NoSchedule means that no pod will be scheduled on the node with this taint unless it has a toleration that matches the taint. This is useful for ensuring that these nodes are dedicated to your web application.
taints = [
 {
   key    = "app"
   value  = "web-app"
   effect = "NoSchedule"
 },
]
Last modified July 21, 2024: update (e2ae86c)