This message was deleted.

you can edit the k3s config.yaml to add a taint and then add a toleration to ALL your manifests and it will still be agnostic at that point. /I think/ I'm not an expert. kubelet-arg: ["--register-with-taints", "node-role.kubernetes.io/control-plane=:NoSchedule"] tolerations: - key: node-role.kubernetes.io/control-plane operator: Exists effect: NoSchedule

Thanks! Using the kubelet-arg when initialising the control-plane nodes already solved the issue... The k3s CoreDNS manifest already has the toleration in place.