From 5fe5ad51777bfd21cecfecff3cb6eb3dab0cebcf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A1rcio=20Fernandes?= <marcio.fernandes@outlook.pt>
Date: Tue, 17 Mar 2026 12:19:09 +0000
Subject: [PATCH] modified:   README.md

---
 README.md | 97 ++++++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 85 insertions(+), 12 deletions(-)

diff --git a/README.md b/README.md
index 890b4c5..1251111 100644
--- a/README.md
+++ b/README.md
@@ -27,8 +27,12 @@ Kubernetes is an open‑source platform that automates the deployment, scaling,
   - [Inline with heredoc and environment variables](#inline-with-heredoc-and-environment-variables)
   - [substr](#substr)
 - [nodes](#nodes)
-  - [taint nodes](#taint-nodes)
-    - [control plane - NoSchedule](#control-plane---noschedule)
+- [taints](#taints)
+  - [add taint](#add-taint)
+  - [remove taint](#remove-taint)
+  - [control plane - NoSchedule](#control-plane---noschedule)
+  - [Official \*.kubernetes.io taints](#official-kubernetesio-taints)
+  - [cordon](#cordon)
 - [statefulset](#statefulset)
   - [statefulset - Set Replicas](#statefulset---set-replicas)
 - [Deployment](#deployment)
@@ -431,27 +435,96 @@ envsubst < ./secret.yaml | kubectl apply -f -
 kubectl get nodes -o wide
 ```
 
-**get node taints:**
-
-``` bash
-kubectl describe node <NODE_NAME> | grep taint
-```
-
 **remove annotation:**
 
 ``` bash
 kubectl annotate node <NODE_NAME> <ANNOTATION_NAME>-
 ```
 
-### taint nodes
+## taints
 
-#### control plane - NoSchedule
+**get node taints:**
 
 ``` bash
-MASTER_NODE_NAME="master-node-name"
-kubectl taint nodes ${MASTER_NODE_NAME} node-role.kubernetes.io/control-plane=:NoSchedule
+kubectl describe node <NODE_NAME> | grep taint
 ```
 
+### add taint
+
+``` bash
+NODE="????"
+TAINT="infra.mydomain.com/dedicated=role:NoSchedule"
+kubectl taint nodes ${NODE} ${TAINT}
+```
+
+### remove taint
+
+``` bash
+NODE="chimera-deepstate"
+TAINT="infra.mydomain.com/dedicated=role:NoSchedule"
+kubectl taint nodes ${NODE} ${TAINT}-
+```
+
+### control plane - NoSchedule
+
+``` bash
+NODE="????"
+kubectl taint nodes ${NODE} node-role.kubernetes.io/control-plane=:NoSchedule
+```
+
+### Official *.kubernetes.io taints
+
+**Node condition taints (automatic):**
+
+- node.kubernetes.io/not-ready - Node is NotReady
+- node.kubernetes.io/unreachable - Node unreachable
+- node.kubernetes.io/out-of-disk - Node out of disk
+- node.kubernetes.io/memory-pressure - Memory pressure
+- node.kubernetes.io/disk-pressure - Disk pressure
+- node.kubernetes.io/network-unavailable- Network unavailable
+- node.kubernetes.io/unschedulable - Node was cordoned
+- node.kubernetes.io/ready - Node is ready (rarely used as taint)
+
+**Eviction taints (used by kubelet):**
+
+- node.kubernetes.io/pid-pressure - Too many processes
+- node.kubernetes.io/unschedulable - Node cordoned
+- node.kubernetes.io/taint-effect-no-execute - NoExecute taints
+
+**Role taints (official, safe to use):**
+
+- node-role.kubernetes.io/control-plane - Control-plane node
+- node-role.kubernetes.io/master - Legacy control-plane
+
+Everything else in *.kubernetes.io is reserved and should not be used.
+
+### cordon
+
+``` bash
+NODE="????"
+kubectl cordon ${NODE}
+```
+
+Marks a node as unschedulable.
+
+- No new pods will be scheduled on that node
+- Existing pods are not affected
+- Even after a reboot, existing pods return to the same node
+- Used for temporary maintenance (updates, debugging, draining prep)
+- Kubernetes automatically adds the taint:
+  `node.kubernetes.io/unschedulable:NoSchedule`
+
+``` bash
+NODE="???"
+kubectl uncordon ${NODE}
+```
+
+Reverses the cordon.
+
+- The node becomes schedulable again
+- New pods can land on it
+- Existing pods remain untouched
+
 ## statefulset
 
 ### statefulset - Set Replicas