Interview › Kubernetes, Docker, Helm & Podman
What are taints and tolerations, and how do they differ from affinity?
Kubernetes, Docker, Helm & Podman · Intermediate level
Answer
Taints repel Pods from nodes unless the Pods tolerate them. Affinity attracts or avoids placement based on labels. Taints are usually node-owned guardrails, while affinity is usually workload-owned scheduling intent.
Technical explanation
Tolerating a taint does not force placement on that node; it only allows the Pod to be scheduled there.
NoSchedule prevents new Pods, PreferNoSchedule is soft, and NoExecute can evict existing Pods.
Scheduling controls place workloads correctly; RBAC and ServiceAccounts decide what identities can do after placement.
Use labels consistently because Services, Deployments, affinities, policies, and topology spread all depend on label selection.
Every constraint should be testable with events: FailedScheduling, denied API calls, or observed placement.
Hands-on example
1. Create a lab namespace for this exercise with explicit labels, ServiceAccounts, roles, node labels, or taints: taint a node and schedule only Pods with matching tolerations.
2. Use kubectl auth can-i, kubectl describe pod, and scheduling events to verify the expected decision.
3. Test a negative case, such as missing permission, missing toleration, or impossible affinity, and capture the exact error.
4. Convert the validated YAML into a reusable platform pattern with clear naming and labels.
Check how well your resume matches the role with our free resume checker— match score, ATS check, and the skills you're missing.
More Kubernetes, Docker, Helm & Podman interview questions
- What is Kubernetes, and what problem does it solve over running containers manually?
- Explain the Kubernetes control plane components (API server, etcd, scheduler, controller manager).
- What runs on a worker node (kubelet, kube-proxy, container runtime)?
- What is a Pod, and why does Kubernetes schedule Pods rather than containers?
- What is the difference between a Pod, a ReplicaSet, and a Deployment?
- How does a Deployment perform a rolling update, and how do maxSurge and maxUnavailable work?
- How do you roll back a Deployment, and how does Kubernetes track revisions?
- What is a Service, and what are the types (ClusterIP, NodePort, LoadBalancer, ExternalName)?