Hi, I've migrated a Rancher K3S cluster with terraform from 3 all-in-one nodes (ctrl-plane, etcd, worker) to 3 ctrl-plane+etcd and 4 workers only Now I was expecting that the workload will only run on the workers but I see pods being scheduled on the ctrl-plane+etcd nodes as well. Is this expected? Do I need to set taints manually? If so which ones so that the normal control-plane stuff is not affected?

check if the pods that are scheduled have tolerations that allow them to run there. Some pods need to run on the control plane nodes, like CNI plugin pods etc

I don't see any taints on the control plane nodes but the "workload pods" have definetly no tolerations of any kind...