From 95715c7748224f06d34bfe30030038135d8b4e61 Mon Sep 17 00:00:00 2001
From: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>
Date: Mon, 27 Apr 2026 21:35:24 +0200
Subject: [PATCH] feat(k3s_server): persist control-plane NoSchedule taint in
 k3s config

Adds node-taint to /etc/rancher/k3s/config.yaml so the taint
survives node reboots. Taint is already applied live via kubectl.
---
 roles/k3s_server/tasks/main.yaml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/roles/k3s_server/tasks/main.yaml b/roles/k3s_server/tasks/main.yaml
index dcb7d76..27fc64c 100644
--- a/roles/k3s_server/tasks/main.yaml
+++ b/roles/k3s_server/tasks/main.yaml
@@ -28,3 +28,13 @@
 - name: Set kubeconfig on localhost
   include_tasks: create_kubeconfig.yaml
   when: inventory_hostname == groups['k3s_server'] | first
+
+- name: Persist control-plane NoSchedule taint in k3s config
+  ansible.builtin.blockinfile:
+    path: /etc/rancher/k3s/config.yaml
+    create: true
+    marker: "# {mark} ANSIBLE MANAGED control-plane taint"
+    block: |
+      node-taint:
+        - "node-role.kubernetes.io/control-plane:NoSchedule"
+  become: true