# 5. Taint Workstation Nodes

**Status:** Accepted (applied)

## Context

Nodes marked `workstation: true` in the inventory are machines that may reboot
for desktop updates or user activity. Only GPU workloads and monitoring should
run there intentionally. General pods should prefer always-on nodes.

*Example: in the author's cluster, ws03 is a desktop workstation with an
NVIDIA GPU that doubles as a K3s worker.*

## Decision

Apply `workstation=true:NoSchedule` taint driven by `workstation: true` in
hosts.yml. Add tolerations to GPU workloads (llamacpp) and monitoring
(grafana, prometheus, alertmanager). Other services should not tolerate the
taint — they belong on dedicated, always-on worker nodes.

## Consequences

- General pods automatically avoid workstation nodes
- Intentional workloads explicitly opt in via tolerations
- x86-only services (e.g. Supabase) should run on dedicated x86 workers, not
  workstations — add a second x86 node before applying the taint
- Longhorn storage excluded from workstations (see ADR 0009)