Taints and Tolerations
Definition
Taints and tolerations are a Kubernetes scheduling mechanism. A taint is set on a node and consists of a key, an optional value and an effect (NoSchedule, PreferNoSchedule or NoExecute). The scheduler places a pod on a tainted node only if the pod carries a toleration whose key, value and effect match the taint. NoSchedule blocks new placements, PreferNoSchedule only discourages them, and NoExecute additionally evicts pods already running on the node that do not tolerate it. This keeps general-purpose or less trusted workloads off nodes reserved for sensitive ones (a separate trust zone, nodes with special hardware, dedicated capacity) and so supports workload isolation, resource allocation and security boundaries. Two caveats matter in practice: a toleration permits placement but does not pin the pod to the tainted node, so pair it with a nodeSelector or node affinity when a workload must run only there; and a toleration with operator Exists and no key matches every taint, so tolerations in pod specs need the same review (and admission-control restrictions) as the taints themselves.
Secure Settings Example
apiVersion: v1
kind: Node
metadata:
  name: example-node
spec:
  taints:
  # Equivalent to: kubectl taint nodes example-node example-key=example-value:NoSchedule
  - key: "example-key"
    value: "example-value"
    effect: "NoSchedule"
---
apiVersion: v1
kind: Pod
metadata:
  name: example-pod
spec:
  tolerations:
  # Matches the taint above exactly: key, value and effect all have to agree
  - key: "example-key"
    operator: "Equal"
    value: "example-value"
    effect: "NoSchedule"
  # Optional: without this the toleration only allows, it does not require, placement on example-node
  nodeSelector:
    kubernetes.io/hostname: example-node
  containers:  # required; a Pod with no containers is rejected by the API server
  - name: app
    image: nginx:1.25
Insecure Settings Example
apiVersion: v1
kind: Node
metadata:
  name: insecure-node
spec:
  taints:
  - key: "example-key"
    value: "example-value"
    effect: "NoSchedule"
---
apiVersion: v1
kind: Pod
metadata:
  name: insecure-pod
spec:
  # No tolerations: the NoSchedule taint on insecure-node is not tolerated, so the
  # scheduler never places this pod there; if every node carries such a taint the
  # pod stays Pending.
  containers:  # required; a Pod with no containers is rejected by the API server
  - name: app
    image: nginx:1.25
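The following script is an added example and not code from the original page or from Kubernetes itself. It re-implements the toleration-matching rule the scheduler applies (an empty effect in a toleration matches any effect, an empty key matches any key, operator Equal compares values, operator Exists ignores them) and runs it over constructed dict versions of the example-node, example-pod and insecure-pod manifests above, plus a hypothetical wildcard-pod that tolerates every taint. The point it adds to the page is the audit side: a pod that cannot be scheduled is merely stuck, while a wildcard toleration is what actually defeats the node boundary.

```python
"""Check pods against node taints with the scheduler's matching rule,
and flag tolerations that bypass every taint.

Added example; manifests below are constructed dicts mirroring the
page's YAML, not live cluster objects.
"""

# NoSchedule and NoExecute are hard; PreferNoSchedule is only a preference.
HARD_EFFECTS = {"NoSchedule", "NoExecute"}


def tolerates(toleration: dict, taint: dict) -> bool:
    """Return True if a single toleration covers a single taint.

    Mirrors the core/v1 Toleration semantics: an empty effect matches any
    effect, an empty key (only legal with operator Exists) matches any key,
    Equal compares values, Exists accepts any value.
    """
    if toleration.get("effect", "") and toleration["effect"] != taint["effect"]:
        return False
    if toleration.get("key", "") and toleration["key"] != taint["key"]:
        return False
    operator = toleration.get("operator") or "Equal"  # Equal is the default
    if operator == "Exists":
        return True
    if operator == "Equal":
        return toleration.get("value", "") == taint.get("value", "")
    return False


def untolerated_taints(pod: dict, node: dict) -> list:
    """Hard-effect taints on the node that no toleration on the pod covers."""
    tolerations = pod.get("spec", {}).get("tolerations") or []
    taints = node.get("spec", {}).get("taints") or []
    return [
        taint for taint in taints
        if taint["effect"] in HARD_EFFECTS
        and not any(tolerates(tol, taint) for tol in tolerations)
    ]


def schedulable(pod: dict, node: dict) -> bool:
    """True when the scheduler's taint filter would admit the pod on the node."""
    return not untolerated_taints(pod, node)


def wildcard_tolerations(pod: dict) -> list:
    """Tolerations with operator Exists and no key: they match every taint."""
    return [
        tol for tol in pod.get("spec", {}).get("tolerations") or []
        if tol.get("operator") == "Exists" and not tol.get("key", "")
    ]


def audit(pod: dict, node: dict) -> dict:
    """Summarise placement and over-broad tolerations for one pod/node pair."""
    return {
        "schedulable": schedulable(pod, node),
        "untolerated": [t["key"] for t in untolerated_taints(pod, node)],
        "wildcard_tolerations": len(wildcard_tolerations(pod)),
    }


# Constructed manifests mirroring the page's examples.
TAINT = {"key": "example-key", "value": "example-value", "effect": "NoSchedule"}
EXAMPLE_NODE = {"kind": "Node", "metadata": {"name": "example-node"},
                "spec": {"taints": [TAINT]}}
EXAMPLE_POD = {"kind": "Pod", "metadata": {"name": "example-pod"},
               "spec": {"tolerations": [{"key": "example-key", "operator": "Equal",
                                         "value": "example-value",
                                         "effect": "NoSchedule"}]}}
INSECURE_POD = {"kind": "Pod", "metadata": {"name": "insecure-pod"}, "spec": {}}
# Hypothetical pod (not on the page): operator Exists with no key tolerates everything.
WILDCARD_POD = {"kind": "Pod", "metadata": {"name": "wildcard-pod"},
                "spec": {"tolerations": [{"operator": "Exists"}]}}

if __name__ == "__main__":
    for pod in (EXAMPLE_POD, INSECURE_POD, WILDCARD_POD):
        print(pod["metadata"]["name"], audit(pod, EXAMPLE_NODE))
```

Run against example-node, example-pod is admitted, insecure-pod is rejected because example-key is untolerated, and wildcard-pod is admitted everywhere and flagged with one wildcard toleration; that last case is the one an admission policy should block.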