A taint on a node repels pods. A toleration on a pod is like an exception. It tells the scheduler, "this pod can run on a node with this taint."

Taints live on nodes. Tolerations live on pods

In short, without a matching toleration, a pod cannot be scheduled on a tainted node as illustrated below.

We add tolerations under the spec section of the Pod. For example,

This pod can now be scheduled on a node tainted with type=web:NoSchedule.

tolerationSeconds

When a NoExecute taint is applied, pods without a toleration are evicted immediately. But if a pod has a toleration with tolerationSeconds, it gets a grace period before eviction.

For example,

This pod will be allowed to run on the tainted node for 3600 seconds (1 hour) before being evicted. It is particularly useful for graceful pod evictions during maintenance windows.