diff --git a/pkg/nfd-master/nfd-master.go b/pkg/nfd-master/nfd-master.go
index 6b834b8a2..ce5c859c5 100644
--- a/pkg/nfd-master/nfd-master.go
+++ b/pkg/nfd-master/nfd-master.go
@@ -519,24 +519,28 @@ func filterTaints(taints []corev1.Taint) []corev1.Taint {
 	outTaints := []corev1.Taint{}
 
 	for _, taint := range taints {
-		ns, _ := splitNs(taint.Key)
-
-		// Check prefix of the key, filter out disallowed ones
-		if ns == "" {
-			klog.Errorf("taint keys without namespace (prefix/) are not allowed. Ignoring taint %v", ns, taint)
-			continue
+		if err := filterTaint(&taint); err != nil {
+			klog.Errorf("ignoring taint %q: %w", taint.ToString(), err)
+		} else {
+			outTaints = append(outTaints, taint)
 		}
-		if ns != nfdv1alpha1.TaintNs && !strings.HasSuffix(ns, nfdv1alpha1.TaintSubNsSuffix) &&
-			(ns == "kubernetes.io" || strings.HasSuffix(ns, ".kubernetes.io")) {
-			klog.Errorf("Prefix %q is not allowed for taint key. Ignoring taint %v", ns, taint)
-			continue
-		}
-		outTaints = append(outTaints, taint)
 	}
-
 	return outTaints
 }
 
+func filterTaint(taint *corev1.Taint) error {
+	// Check prefix of the key, filter out disallowed ones
+	ns, _ := splitNs(taint.Key)
+	if ns == "" {
+		return fmt.Errorf("taint keys without namespace (prefix/) are not allowed")
+	}
+	if ns != nfdv1alpha1.TaintNs && !strings.HasSuffix(ns, nfdv1alpha1.TaintSubNsSuffix) &&
+		(ns == "kubernetes.io" || strings.HasSuffix(ns, ".kubernetes.io")) {
+		return fmt.Errorf("prefix %q is not allowed for taint key", ns)
+	}
+	return nil
+}
+
 func verifyNodeName(cert *x509.Certificate, nodeName string) error {
 	if cert.Subject.CommonName == nodeName {
 		return nil