feat(k3s_server): persist control-plane NoSchedule taint in k3s config

Adds node-taint to /etc/rancher/k3s/config.yaml so the taint survives node reboots. Taint is already applied live via kubectl.
2026-04-27 21:35:24 +02:00
parent 5bc3024eaf
commit 95715c7748
1 changed files with 10 additions and 0 deletions
--- a/roles/k3s_server/tasks/main.yaml
+++ b/roles/k3s_server/tasks/main.yaml
@@ -28,3 +28,13 @@
 - name: Set kubeconfig on localhost
  include_tasks: create_kubeconfig.yaml
  when: inventory_hostname == groups['k3s_server'] | first
+
+- name: Persist control-plane NoSchedule taint in k3s config
+  ansible.builtin.blockinfile:
+    path: /etc/rancher/k3s/config.yaml
+    create: true
+    marker: "# {mark} ANSIBLE MANAGED control-plane taint"
+    block: |
+      node-taint:
+        - "node-role.kubernetes.io/control-plane:NoSchedule"
+  become: true