Why Your Kubernetes Control Plane Has a NoSchedule Taint
If you’ve ever run kubectl describe node on your control plane and wondered about this taint: Taints: node-role.kubernetes.io/control-plane:NoSchedule Here’s what it does and why you want to keep it. What It Does This taint prevents regular pods from being scheduled on control plane nodes. Only pods that explicitly tolerate the taint can run there. Why It Matters Your control plane runs critical components: etcd - The cluster’s brain (all state lives here) kube-apiserver - The API everything talks to kube-controller-manager - Manages controllers kube-scheduler - Decides where pods run If a misbehaving application pod consumes all CPU or memory on the control plane, these components starve and your entire cluster becomes unresponsive. ...