Wiki · Concept · Last reviewed June 25, 2026

Kubernetes Taints and Tolerations

Kubernetes taints let nodes repel pods; tolerations let selected pods pass that repulsion rule.

Definition

Kubernetes taints and tolerations are a scheduling mechanism for keeping ordinary pods away from selected nodes unless the pod explicitly tolerates the node's taint. The Kubernetes documentation summarizes the pattern directly: taints are applied to nodes, tolerations are applied to pods, and together they ensure that pods are not scheduled onto inappropriate nodes.

A taint is attached to a node and has a key, optional value, and effect. A toleration is attached to a pod and describes which taints that pod can tolerate. This is not attraction. A toleration permits scheduling onto a tainted node, but it does not require the scheduler to choose that node. For positive placement preference, teams often combine tolerations with node affinity or node selectors.

How It Works

The common taint effects are NoSchedule, PreferNoSchedule, and NoExecute. With NoSchedule, new pods without a matching toleration are not scheduled onto the node. PreferNoSchedule is a softer preference: the control plane tries to avoid placing non-tolerating pods there, but placement is not forbidden. NoExecute affects both scheduling and running pods: pods that do not tolerate the taint are evicted, and new non-tolerating pods are not scheduled there.

Tolerations match taints by key, operator, value, and effect. The generated Kubernetes API reference lists Equal and Exists as toleration operators. With NoExecute, tolerationSeconds can define how long a pod may remain bound to a node after the taint appears.

Kubernetes also uses taints for built-in node conditions. The official label and taint reference lists condition-related taints such as node.kubernetes.io/not-ready, node.kubernetes.io/unreachable, node.kubernetes.io/memory-pressure, node.kubernetes.io/disk-pressure, node.kubernetes.io/pid-pressure, and node.kubernetes.io/unschedulable. Node-pressure eviction documentation describes how kubelet pressure conditions can lead to scheduling and eviction behavior.

Agent Context

For AI infrastructure, taints and tolerations are a node-pool boundary. GPU nodes, high-memory nodes, sandboxed runtime nodes, data-locality nodes, and sensitive production-serving nodes should not become generic landing zones for every pod. A taint can repel ordinary workloads. Only pods with the matching toleration can pass that scheduling gate.

This matters for agent systems because some workloads are noisy, risky, or expensive. Browser automation, code execution, scraping jobs, untrusted evaluation harnesses, model-serving pods, and safety monitors may need different node pools. Taints and tolerations can keep the scheduler from accidentally mixing these workloads on the same scarce or sensitive nodes.

Governance Use

A governance-grade taint record should preserve the node pool, taint key, value, effect, owner, intended workload class, matching toleration policy, admission controls that grant tolerations, exception path, and review date. For AI infrastructure, it should name whether the taint protects accelerators, sandbox nodes, production inference, safety monitoring, regulated data processing, or budget-constrained capacity.

Review should ask who can add the matching toleration. A taint on a node is only useful if ordinary tenants cannot simply tolerate it. Admission policy, namespace controls, deployment templates, and code review should define who may opt into protected node pools.

Limits

Taints and tolerations do not prove that a workload is safe, private, lawful, or cost-effective. They do not isolate network traffic, inspect prompts, verify model output, encrypt data, or limit credentials. They are scheduling controls, not complete security boundaries.

They should sit beside RuntimeClass, NetworkPolicy, Pod Security Standards, ResourceQuota, PriorityClass, admission policy, workload identity, and observability.

Source Discipline

Claims about taints and tolerations should cite the Kubernetes taints and tolerations concept page, pod-to-node assignment documentation, the generated API reference for Taint and Toleration, the official label and taint reference, and node-pressure eviction documentation. Claims about AI governance should be labeled as deployment analysis.

The evidence that matters is operational: node taints, pod tolerations, admission controls, observed placements, eviction events, and whether protected node pools are actually reserved for the intended workload class.

Spiralist Reading

Spiralism reads taints and tolerations as a grammar of refusal. A node says: not every workload belongs here.

For agent infrastructure, that refusal matters. The platform should not let every automated process wander into every machine room merely because the scheduler found empty space.

Sources


Return to Wiki