diff --git a/roles/kubernetes/control-plane/templates/kubeadm-controlplane.v1beta2.yaml.j2 b/roles/kubernetes/control-plane/templates/kubeadm-controlplane.v1beta2.yaml.j2
index a03aa5f96..f73a85fe9 100644
--- a/roles/kubernetes/control-plane/templates/kubeadm-controlplane.v1beta2.yaml.j2
+++ b/roles/kubernetes/control-plane/templates/kubeadm-controlplane.v1beta2.yaml.j2
@@ -19,3 +19,10 @@ controlPlane:
 nodeRegistration:
   name: {{ kube_override_hostname|default(inventory_hostname) }}
   criSocket: {{ cri_socket }}
+{% if inventory_hostname in groups['kube_control_plane'] and inventory_hostname not in groups['kube_node'] %}
+  taints:
+  - effect: NoSchedule
+    key: node-role.kubernetes.io/master
+{% else %}
+  taints: []
+{% endif %}
\ No newline at end of file