Taints
In Kubernetes, NoSchedule and NoExecute are two different taint effects used to control pod scheduling and eviction:
🚫 NoSchedule
- Meaning: Pods will not be scheduled onto the node if they do not tolerate the taint.
- Already-running pods are not affected.
- Use case: Prevent new pods from landing on specific nodes (e.g., dedicated nodes for special workloads).
Example:
taints:
- key: "taint"
value: "special"
effect: "NoSchedule"
❌ NoExecute
-
Meaning:
- Pods will not be scheduled onto the node (like
NoSchedule). - Existing pods that do not tolerate the taint will be evicted from the node.
- Pods will not be scheduled onto the node (like
-
Use case: Enforce stricter isolation, e.g., when a node is unhealthy or in maintenance mode.
Example:
taints:
- key: "taint"
value: "maintenance"
effect: "NoExecute"
Key Differences
| Behavior | NoSchedule |
NoExecute |
|---|---|---|
| Blocks scheduling | ✅ Yes | ✅ Yes |
| Evicts existing pods | ❌ No | ✅ Yes |
| Needs toleration to run | ✅ Yes | ✅ Yes |
Toleration Example (to allow a pod to stay on or be scheduled on a tainted node):
tolerations:
- key: "taint"
operator: "Equal"
value: "maintenance"
effect: "NoExecute"
tolerationSeconds: 60 # pod will be evicted after 60s
Without tolerationSeconds, the pod will tolerate the taint indefinitely.