diff --git a/roles/k3s_server/tasks/main.yaml b/roles/k3s_server/tasks/main.yaml
index dcb7d76..27fc64c 100644
--- a/roles/k3s_server/tasks/main.yaml
+++ b/roles/k3s_server/tasks/main.yaml
@@ -28,3 +28,13 @@
 - name: Set kubeconfig on localhost
   include_tasks: create_kubeconfig.yaml
   when: inventory_hostname == groups['k3s_server'] | first
+
+- name: Persist control-plane NoSchedule taint in k3s config
+  ansible.builtin.blockinfile:
+    path: /etc/rancher/k3s/config.yaml
+    create: true
+    marker: "# {mark} ANSIBLE MANAGED control-plane taint"
+    block: |
+      node-taint:
+        - "node-role.kubernetes.io/control-plane:NoSchedule"
+  become: true