Taints and Tolerations in Kubernetes (And a Way to Never Forget Them)
If you’ve ever run into scheduling issues in Kubernetes, chances are you’ve been bitten by taints and tolerations. It’s one of those things that clicks once you get it but until then, it can be a proper head-scratcher.
Let’s demystify them. Quickly. And I’ll share a memory trick that helps me keep them straight.
🚧 What Are Taints?
Taints are like saying:
“Oi, only certain pods are allowed here!”
They repel pods from a node unless the pod says “It’s okay, I can handle this.”
When you taint a node, you’re essentially giving it a warning label.
For example:
kubectl taint nodes controlplane dedicated:NoSchedule
This means:
“This node is dedicated. Don’t schedule any pods here unless they tolerate this taint.”
You’ll see this in use a lot on control-plane nodes to prevent general workloads from landing there.
✅ What Are Tolerations?
Tolerations are what pods use to say:
“I’m cool with that taint.”
Here’s what it looks like in a pod spec:
tolerations:
- key: "dedicated"
operator: "Equal"
value: "true"
effect: "NoSchedule"
This pod says: “I understand the node is dedicated, but I’ve been approved to run there.”
⛔ Types of Taint Effects
| Effect | What it means |
|---|---|
NoSchedule | Don’t schedule here unless tolerated |
PreferNoSchedule | Avoid if possible, but not strict |
NoExecute | Evict running pods unless tolerated |
🔁 How to Remove a Taint
This tripped me up recently:
kubectl taint nodes controlplane dedicated:NoSchedule-
Notice the hyphen at the end. That removes the taint.
If you run it again, Kubernetes will say:
“Taint not found.”
Because it’s already gone. That error’s expected.
🧠 Easy Way to Remember It
Here’s the memory trick I use:
“Taints push away. Tolerations make peace.”
Imagine a bouncer at the door (the node).
Only pods with the right toleration get let in past the taint.
💬 Final Thoughts
If your pod isn’t getting scheduled, and you’re scratching your head, always check:
kubectl describe node <node-name>
Scroll to the Taints section and see what rules are in place.
Then:
- Either remove the taint from the node.
- Or add a toleration to the pod.
Your choice. But now you know why it’s happening.