docs: mention tolerations impact on isolation

This should mitigate the point raised in loft-sh#251
FabianKramm · Nov 7, 2022 · 8058871 · 8058871
1 parent 832d677
commit 8058871
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/docs/pages/operator/security.mdx b/docs/pages/operator/security.mdx
@@ -150,7 +150,9 @@ If you want more control over this, you can also use an admission controller, th
 
 ### Advanced Isolation
 
-Besides this basic workload isolation, you could also dive into more advanced isolation methods, such as isolating the workloads on separate nodes or through an other container runtime. Using different nodes for your vcluster workloads can be accomplished through the [--node-selector flag](../architecture/nodes.mdx) on vcluster syncer.
+Besides this basic workload isolation, you could also dive into more advanced isolation methods, such as isolating the workloads on separate nodes or through another container runtime. Using different nodes for your vcluster workloads can be accomplished through the [--node-selector flag](../architecture/nodes.mdx) on vcluster syncer.
+
+You should also be aware that pods created in the vcluster will set their [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/), which will affect scheduling decisions. To prevent the pods from being scheduled to the undesirable nodes you can use the [--node-selector flag](../architecture/nodes.mdx) or admission controller as mentioned above.
 
 ## Network Isolation