Taint && Tolerations

Taint && Tolerations are used to restrict nodes which pods to accept.

Taint ———————→ for Nodes

Tolerations ——————→ For pods

Nodes accept pod that tolerate its taints.

How to check if your node is tainted ?

$ kubectl describe node node_name | grep Taint

How To taint node ?

$ kubectl taint nodes node_name key=value:taint_effect

What is taint_effect?

What happens to pod that not tolerate this taint

taint_effect types ?

NoSchedule —————→ pod will not schedule on this node
PrefernoSchedule —————> k8s will avoid scheduling pods on this node
NoExecute ————————> New pods not tolerate this taint will not scheduled on this node , but existing pods if not tolerate taint will be evicted from node.

Create a taint on node01 with key of spray, value of mortein and effect of NoSchedule

kubectl taint nodes node01 spray=mortein:No Schedule

Create a new pod with the nginx image and pod name as mosquito.

$ kubectl run mosquito --image=nginx

Create another pod named bee with the nginx image, which has a toleration set to the taint mortein.

apiVersion: v1

kind: Pod

metadata:

name: bee

spec:

containers:

- name: c1

image: nginx

tolerations:

- key: "spray"

operator: "Equal"

value: "mortein"

effect: "NoSchedule"

bee pod is scheduled on node01 because its tolerate node01 taint.

Remove the taint on controlplane, which currently has the taint effect of NoSchedule.

how to untaint node ?

$ kubectl aint nodes node_name key=value:taint_effect-

Key here in taint && toleration

node must has taint ———→ then pod tolerations tolerate node taint to be accepted on node.Plhh

Please node that master node on cluster is tainted with effect NoSchedule so that no pods are scheduled on control plane.