
Update the taints on one or more nodes in Kubernetes


What is the meaning of taint?

A trace of a bad or undesirable substance or quality.

What is tainted?

Spoiled; damaged in quality, taste, or value.

The following workloads run on a cluster's nodes:

  • DaemonSet
  • Deployment
  • Pod
  • ReplicaSet
  • ReplicationController
  • StatefulSet

When you submit a workload, the scheduler determines where to place the Pods associated with the workload. The scheduler is free to place a Pod on any node that satisfies the Pod’s CPU, memory, and custom resource requirements.

If your cluster runs a variety of workloads, you might want to exercise some control over which workloads can run on a particular pool of nodes.

A node taint lets you mark a node so that the scheduler avoids or prevents using it for certain Pods. A complementary feature, tolerations, lets you designate Pods that can be used on “tainted” nodes.

A taint consists of a key, value, and effect. As an argument here, it is expressed as key=value:effect.

The key must begin with a letter or number, and may contain letters, numbers, hyphens, dots, and underscores, up to 253 characters. The value is optional. If given, it must begin with a letter or number, and may contain letters, numbers, hyphens, dots, and underscores, up to 63 characters.

The effect must be NoSchedule, PreferNoSchedule or NoExecute. Currently, taints can only be applied to nodes. Here are the available effects:

  • NoSchedule: Pods that do not tolerate this taint are not scheduled on the node.
  • PreferNoSchedule: Kubernetes avoids scheduling Pods that do not tolerate this taint onto the node.
  • NoExecute: Pod is evicted from the node if it is already running on the node, and is not scheduled onto the node if it is not yet running on the node.
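
The format and effects above, as an added example (not code from the original page or from Kubernetes itself): a Python sketch that parses a `key=value:effect` string with the limits quoted above and models how a Pod's tolerations decide the outcome of each effect. It goes one step beyond the text by implementing toleration matching; the toleration fields (`key`, `operator`, `value`, `effect`) follow the Kubernetes Pod spec, and the function names are hypothetical.

```python
import re

EFFECTS = ("NoSchedule", "PreferNoSchedule", "NoExecute")
# Limits as quoted above; "/" is also allowed because this page's own key
# node-role.kubernetes.io/master carries a prefix.
KEY_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._/-]{0,252}")
VALUE_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,62}")


def parse_taint(spec):
    """Parse 'key=value:effect' or 'key:effect' into a dict, or raise ValueError."""
    body, sep, effect = spec.rpartition(":")
    if not sep or effect not in EFFECTS:
        raise ValueError(f"effect must be one of {EFFECTS}: {spec!r}")
    key, eq, value = body.partition("=")
    if not KEY_RE.fullmatch(key):
        raise ValueError(f"invalid taint key: {key!r}")
    if eq and not VALUE_RE.fullmatch(value):
        raise ValueError(f"invalid taint value: {value!r}")
    return {"key": key, "value": value, "effect": effect}


def tolerates(tol, taint):
    """True if one toleration matches one taint."""
    if tol.get("effect") and tol["effect"] != taint["effect"]:
        return False  # an empty toleration effect matches every effect
    if tol.get("operator", "Equal") == "Exists":
        # Exists ignores the value; an empty key matches every taint key.
        return not tol.get("key") or tol["key"] == taint["key"]
    return tol.get("key") == taint["key"] and tol.get("value", "") == taint["value"]


def placement(node_taints, tolerations):
    """Return 'evict', 'blocked', 'avoid' or 'ok' for a Pod on a node."""
    untolerated = {t["effect"] for t in map(parse_taint, node_taints)
                   if not any(tolerates(tol, t) for tol in tolerations)}
    if "NoExecute" in untolerated:
        return "evict"    # not scheduled, and evicted if already running
    if "NoSchedule" in untolerated:
        return "blocked"  # never scheduled on this node
    if "PreferNoSchedule" in untolerated:
        return "avoid"    # scheduler tries other nodes first
    return "ok"
```
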

Adding / Inspecting / Removing a taint to an existing node using NoSchedule


# Update node 'node1' with a taint with key 'dedicated' and value 'special-user' and effect 'NoSchedule'.
# Adding a taint to an existing node using NoSchedule
$ kubectl taint nodes node1 dedicated=special-user:NoSchedule

Inspecting a node’s taints


$ kubectl describe nodes node1 | grep -i taint
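# Newer kubectl releases no longer accept --replicas on 'kubectl run', so create a Deployment instead
$ kubectl create deployment nginx --image=nginx --replicas=8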
$ kubectl get pod -o wide

Removing a taint from a node. Remove from node ‘node1’ the taint with key ‘dedicated’ and effect ‘NoSchedule’ if one exists.


$ kubectl taint nodes node1 dedicated:NoSchedule-
$ kubectl taint nodes ip-172-31-24-84.ap-south-1.compute.internal node-role.kubernetes.io/master:NoSchedule-

Adding / Inspecting / Removing a taint to an existing node using PreferNoSchedule


# Add a taint with key 'dedicated' on nodes having label myLabel=X
$ kubectl taint node -l myLabel=X dedicated=foo:PreferNoSchedule
$ kubectl taint node node1 dedicated=foo:PreferNoSchedule

# Inspecting a node's taints
$ kubectl describe nodes node1 | grep -i taint
$ kubectl create deployment nginx --image=nginx --replicas=8
$ kubectl get pod -o wide

# Removing a taint from a node
$ kubectl taint nodes node1 dedicated:PreferNoSchedule-

Adding / Inspecting / Removing a taint to an existing node using NoExecute


$ kubectl taint nodes node2 node2=DoNotSchedulePods:NoExecute

# Inspecting a node's taints
$ kubectl describe nodes node2 | grep Taint
# Because of the NoExecute taint, all the Pods on node2 are terminated and recreated on node3.
$ kubectl create deployment nginx --image=nginx --replicas=8
$ kubectl get pod -o wide

# Removing a taint from a node
$ kubectl taint nodes node2 node2:NoExecute-
$ kubectl describe nodes node2 | grep Taint

# Add to node 'foo' a taint with key 'bar' and no value
$ kubectl taint nodes foo bar:NoSchedule

Let’s verify the status of the taints on the master node.
$ kubectl describe nodes node1 | grep Taints
Taints:             node-role.kubernetes.io/master:NoSchedule

Untaint the node and verify as below:


$ kubectl taint nodes --all node-role.kubernetes.io/master-
$ kubectl describe nodes node1 | grep -i taint

# Run a test deployment on the untainted node
$ kubectl create deployment testsvr --image=nginx --replicas=7
$ kubectl get pods -o wide | grep testsvr

Taint node3 with NoSchedule and verify:


$ kubectl taint nodes node3 node3=DoNotSchedulePods:NoSchedule
$ kubectl describe nodes node3 | grep Taint
$ kubectl create deployment nginx --image=nginx --replicas=8

By default, a Kubernetes cluster will not schedule Pods on the master node for security reasons. If you do want to schedule Pods on the master node, e.g. for a single-node Kubernetes cluster used for testing and development, run the following command.

$ kubectl taint nodes ip-172-31-24-84.ap-south-1.compute.internal node-role.kubernetes.io/master:NoSchedule-
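
Since removing this taint is meant only for test and development clusters, a check for nodes where it has gone missing is useful elsewhere. The following is an added example, not code from the original page: a Python function that reads a node list shaped like `kubectl get nodes -o json` and reports master nodes whose role taint no longer blocks scheduling. The sample data is constructed, the function name is hypothetical, and the `control-plane` role key is an assumption covering newer Kubernetes releases.

```python
import json

# Constructed sample shaped like `kubectl get nodes -o json` (not real cluster output).
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "node1",
                "labels": {"node-role.kubernetes.io/master": ""}},
   "spec": {"taints": [{"key": "node-role.kubernetes.io/master",
                        "effect": "NoSchedule"}]}},
  {"metadata": {"name": "node2",
                "labels": {"node-role.kubernetes.io/master": ""}},
   "spec": {}},
  {"metadata": {"name": "node3", "labels": {}},
   "spec": {"taints": [{"key": "node3", "value": "DoNotSchedulePods",
                        "effect": "NoSchedule"}]}}
]}
""")

# Role keys that mark a master node. 'master' is the one used on this page;
# 'control-plane' is assumed here for newer Kubernetes releases.
ROLE_KEYS = ("node-role.kubernetes.io/master",
             "node-role.kubernetes.io/control-plane")
BLOCKING = ("NoSchedule", "NoExecute")


def unprotected_control_plane(node_list):
    """Names of master nodes that have no blocking role taint left."""
    findings = []
    for node in node_list.get("items", []):
        labels = node["metadata"].get("labels") or {}
        if not any(k in labels for k in ROLE_KEYS):
            continue  # worker node: out of scope for this check
        taints = node.get("spec", {}).get("taints") or []
        guarded = any(t.get("key") in ROLE_KEYS and t.get("effect") in BLOCKING
                      for t in taints)
        if not guarded:
            findings.append(node["metadata"]["name"])
    return findings


if __name__ == "__main__":
    for name in unprotected_control_plane(SAMPLE):
        print(f"master node {name} accepts ordinary Pods (role taint missing)")
```

To run it against a cluster, pass it the parsed output of `kubectl get nodes -o json` instead of `SAMPLE`.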
Rajesh Kumar