Taints and labels are essential for controlling pod scheduling in Kubernetes.
This guide covers tainting nodes, applying labels, and configuring tolerations in pod specifications.
To check your current nodes and their details, run:
kubectl get nodes -o wide
✅ Example Output:
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP
ip-172-32-10-60.us-west-1.compute.internal Ready <none> 56m v1.24.9-eks-49d8fe8 172.32.10.60 54.176.164.188
ip-172-32-25-11.us-west-1.compute.internal Ready <none> 56m v1.24.9-eks-49d8fe8 172.32.25.11 54.177.106.52
Taints prevent unwanted pods from running on specific nodes.
📌 Syntax:
kubectl taint nodes <node-name> key=value:Effect
kubectl taint nodes ip-172-32-10-60.us-west-1.compute.internal app=aerospike:NoSchedule
kubectl taint nodes ip-172-32-25-11.us-west-1.compute.internal app=aerospike:NoSchedule
✅ Effect Options:
NoSchedule: Pods without a matching toleration will not be scheduled on the node.PreferNoSchedule: Kubernetes will try to avoid scheduling pods here but won't force it.NoExecute: Existing pods will be evicted unless they tolerate the taint.Labels help assign workloads to specific nodes.
📌 Syntax:
kubectl label nodes <node-name> key=value
app=aerospike labelkubectl label nodes ip-172-32-10-60.us-west-1.compute.internal app=aerospike
kubectl label nodes ip-172-32-25-11.us-west-1.compute.internal app=aerospike
📌 Labels are only for node selection. If no matching nodes exist, Kubernetes will still schedule pods elsewhere unless prevented by a taint.
kubectl get nodes --show-labels -o wide
✅ Example Output:
NAME STATUS LABELS
ip-172-32-10-60.us-west-1.compute.internal Ready app=aerospike,eks.amazonaws.com/nodegroup=colton-test,topology.kubernetes.io/region=us-west-1
ip-172-32-25-11.us-west-1.compute.internal Ready app=aerospike,eks.amazonaws.com/nodegroup=colton-test,topology.kubernetes.io/region=us-west-1b
kubectl get nodes -o=custom-columns=NodeName:.metadata.name,TaintKey:.spec.taints[*].key,TaintValue:.spec.taints[*].value,TaintEffect:.spec.taints[*].effect
✅ Example Output:
NodeName TaintKey TaintValue TaintEffect
ip-172-32-10-60.us-west-1.compute.internal app aerospike NoSchedule
ip-172-32-25-11.us-west-1.compute.internal app aerospike NoSchedule
If a pod needs to run on tainted nodes, it must have matching tolerations.
podSpec:
tolerations:
- effect: NoSchedule
key: app
operator: Equal
value: aerospike
nodeSelector:
app: aerospike
multiPodPerHost: false
✅ This ensures:
app=aerospike.app=aerospike:NoSchedule.To connect to an Aerospike cluster while ignoring taints:
kubectl run -it --rm asadm-test -n aerospike --overrides='{"spec":{"tolerations":[{"operator":"Exists"}]}}' --image=aerospike/aerospike-tools:latest -- asadm -h aerocluster-1-0.aerocluster -U admin -P admin123
✅ Key Behavior:
operator: Exists means use all nodes with any taint.✅ Taints prevent scheduling on specific nodes
✅ Labels help assign workloads to the right nodes
✅ Tolerations allow pods to run on tainted nodes
✅ Use kubectl to check taints & labels
✅ Modify podSpec to control scheduling behavior