What is Toleration in Kubernetes: Explanation and Example
A toleration allows a pod to be scheduled on nodes with matching taints. It tells the scheduler to ignore certain node restrictions, enabling pods to run on nodes that would otherwise reject them.
How It Works
Imagine you have a house with some rooms marked as "off-limits" for most guests. These rooms are like nodes with taints in Kubernetes, which repel pods from being scheduled there. A toleration is like a special permission slip that a guest (pod) carries, allowing them to enter those restricted rooms.
When Kubernetes schedules pods, it checks if the pod has tolerations matching the taints on nodes. If the pod tolerates the taint, it can be placed on that node. Otherwise, the pod is blocked from running there. This mechanism helps control where pods run, improving cluster stability and resource management.
Example
This example shows a pod with a toleration that allows it to run on nodes tainted with key=example, value=NoSchedule, effect=NoSchedule.
apiVersion: v1
kind: Pod
metadata:
  name: tolerant-pod
spec:
  containers:
  - name: nginx
    image: nginx
  tolerations:
  - key: "example"
    operator: "Equal"
    value: "NoSchedule"
    effect: "NoSchedule"
When to Use
Use tolerations when you want specific pods to run on nodes with special conditions or restrictions. For example, you might taint nodes reserved for high-memory workloads and add tolerations to pods that need that memory.
Another use case is isolating critical system pods on dedicated nodes by tainting those nodes and allowing only pods with matching tolerations to run there. This helps keep important workloads stable and separate from general workloads.
Key Points
- Taints repel pods from nodes.
- Tolerations allow pods to ignore taints.
- Tolerations must match taints by key, value, and effect.
- They help control pod placement and cluster stability.
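The matching rule summarized above, written out as a small Python check (an added example, not Kubernetes source code and not part of the original article). It goes slightly beyond the Equal case shown on this page by also covering the Exists operator and an empty effect; the helper names and the node taints are constructed for illustration.

```python
# Added illustration (not Kubernetes source): the taint/toleration match rule.
# Node and pod data below are constructed for the example.

HARD_EFFECTS = {"NoSchedule", "NoExecute"}  # PreferNoSchedule is only a preference


def tolerates(toleration, taint):
    """Return True if one toleration matches one taint."""
    # An empty effect on the toleration matches every effect.
    if toleration.get("effect") and toleration["effect"] != taint["effect"]:
        return False
    op = toleration.get("operator", "Equal")
    key = toleration.get("key", "")
    if op == "Exists":
        # Exists ignores the value; with no key it matches every taint.
        return key == "" or key == taint["key"]
    # Equal (the default) needs the same key and the same value.
    return key == taint["key"] and toleration.get("value", "") == taint.get("value", "")


def blocking_taints(tolerations, taints):
    """Taints that keep the pod off the node (hard effects not tolerated)."""
    return [t for t in taints
            if t["effect"] in HARD_EFFECTS
            and not any(tolerates(tol, t) for tol in tolerations)]


def overly_broad(tolerations):
    """Tolerations that match every taint key: worth flagging in review."""
    return [t for t in tolerations
            if t.get("operator") == "Exists" and not t.get("key")]


# Toleration from the tolerant-pod manifest on this page.
PAGE_TOLERATION = {"key": "example", "operator": "Equal",
                   "value": "NoSchedule", "effect": "NoSchedule"}
# Constructed node taints.
TAINTED_NODE = [{"key": "example", "value": "NoSchedule", "effect": "NoSchedule"}]
OTHER_NODE = [{"key": "example", "value": "gpu", "effect": "NoSchedule"}]
WILDCARD = {"operator": "Exists"}  # tolerates everything, including NoExecute

if __name__ == "__main__":
    for name, taints in (("tainted-node", TAINTED_NODE), ("other-node", OTHER_NODE)):
        blocked = blocking_taints([PAGE_TOLERATION], taints)
        print(name, "schedulable" if not blocked else f"blocked by {blocked}")
    print("broad:", overly_broad([PAGE_TOLERATION, WILDCARD]))
```

A toleration only permits placement on a tainted node; it does not steer the pod there, so dedicated-node setups usually pair it with a node selector or node affinity.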