Allow scheduling of pods on Kubernetes master?
Master System Design with Codemia
Enhance your system design skills with over 120 practice problems, detailed solutions, and hands-on exercises.
Introduction
Kubernetes normally keeps ordinary workloads off control-plane nodes, which older documentation often calls master nodes. If you want pods to run there, the scheduler is usually being blocked by a taint on purpose rather than ignoring your workload by accident.
Why Scheduling Is Blocked
Control-plane nodes run core services such as the API server, scheduler, and controller manager. To protect those components, Kubernetes commonly applies a NoSchedule taint to the node.
On newer clusters the taint key is typically node-role.kubernetes.io/control-plane. On older clusters you may still see node-role.kubernetes.io/master.
Inspect the node first:
In the output, look for a taint similar to one of these:
That taint is why a normal pod does not land there.
Option 1: Remove the Taint
If this is a local cluster, lab environment, or single-node setup, removing the taint is the simplest solution.
For the current control-plane key:
For older clusters:
The trailing dash removes the taint. After that, ordinary pods become eligible to schedule on that node.
This is common in development clusters created with kubeadm, kind, or other small test setups where there is little or no worker capacity.
Option 2: Keep the Taint and Add a Toleration
If you only want one workload to be allowed on the control-plane node, add a toleration instead of changing the whole node policy.
That tells the scheduler the pod is allowed to tolerate the taint.
Important detail: a toleration allows placement, but it does not force placement. The pod may still be scheduled onto a worker node if one is available.
Option 3: Add a Node Selector Too
If you want the pod to specifically target the control-plane node, combine the toleration with node selection.
If your cluster uses the older master label and taint, update both keys accordingly.
When This Is a Good Idea
Scheduling onto control-plane nodes is reasonable in these cases:
- single-node development clusters
- home lab clusters with limited hardware
- temporary debugging or recovery work
- infrastructure add-ons placed there intentionally
For general production workloads, it is usually the wrong tradeoff. Application traffic can compete with cluster-critical services for CPU, memory, and disk I/O.
Common Pitfalls
A common mistake is adding only a toleration and expecting the pod to move onto the control-plane node. A toleration merely permits placement. It does not express a preference or requirement.
Another mistake is following older blog posts without checking whether the cluster uses the master key or the modern control-plane key. Both exist in the wild, and using the wrong one makes it seem like the YAML has no effect.
A third issue is removing the taint on a production cluster just to make scheduling easier. That can create control-plane instability that is much harder to diagnose later.
Summary
- Control-plane nodes are usually protected by a
NoScheduletaint - You can allow pods there by removing the taint or by adding a matching toleration
- Use the
control-planekey on newer clusters andmasteron older ones - A toleration allows placement but does not force placement
- Keep ordinary production workloads off control-plane nodes unless the tradeoff is deliberate

