In Kubernetes, we can decide to prevent certain pods to run in a specific node. We make use of taints and tolerations to achieve this effect.


What is a taint?

A taints is a key-value pair with a taint effect attached to it. The taint effect can be NoSchedule, PreferNoSchedule or NoExecute .

When the taint effect is NoSchedule, Kubernetes won’t place pods that are intolerant to the taint on the node.

When the taint effect is PreferNoSchedule, Kubernetes will try to not place pods that are intolerant to the taint on the node.

Taint effect NoExecute is more powerful. When such taint effect is set, Kubernetes will evict running pods that are intolerant to the taint on the node and won’t place new pods into the same node.

How do we place a taint on a node?

kubectl taint node name-of-node key=value:effect
aliilman$ kubectl taint node minikube user=me:NoExecute
node/minikube tainted
aliilman$ k describe node minikube | grep Taint
Taints:             user=me:NoExecute


What is a toleration?

A toleration is something that makes the pod tolerant to taint(s) on the node. This is how the logs will look if a pod is intolerant to the taint placed on the minikube node.

Screenshot 2020-10-25 at 17.53.34.png

How do we add a toleration to a pod?

apiVersion: v1
kind: Pod
  name: my-pod
  # containers
  - key: 'key'
    operator: 'operator'
    effect: 'effect'

    # When operator is 'Equal'
    value: 'value'

    # When operator is 'Exists'
    # No value property is needed. It basically checks for the existence of the key

So to make the pod in the above screenshot tolerant to the taint on the minikube node, we do this.

  - key: 'user'
    operator: 'Equal'
    value: 'me'
    effect: 'NoExecute'

Screenshot 2020-10-25 at 17.56.19.png