diff --git a/internal/role/p2p/control-plane.go b/internal/role/p2p/control-plane.go
index 22fd0f6..9069423 100644
--- a/internal/role/p2p/control-plane.go
+++ b/internal/role/p2p/control-plane.go
@@ -126,6 +126,13 @@ func ControlPlane(cc *config.Config, pconfig *providerConfig.Config, roleName st
 		c.Logger.Info("Running bootstrap before stage")
 		utils.SH(fmt.Sprintf("kairos-agent run-stage provider-kairos.bootstrap.before.%s", roleName)) //nolint:errcheck
 
+		if controlPlane.HA() {
+			err = controlPlane.SetupHAToken()
+			if err != nil {
+				return err
+			}
+		}
+
 		svc, err := controlPlane.Service()
 		if err != nil {
 			return fmt.Errorf("failed to get %s service: %w", controlPlane.Distro(), err)
diff --git a/internal/role/p2p/k0s.go b/internal/role/p2p/k0s.go
index 88b0601..94471f4 100644
--- a/internal/role/p2p/k0s.go
+++ b/internal/role/p2p/k0s.go
@@ -137,8 +137,8 @@ func (k *K0sControlPlane) Args() ([]string, error) {
 		return args, errors.New("ExternalDB is not yet supported with k0s")
 	}
 
-	if k.HA() && !k.ClusterInit() {
-		return args, errors.New("HA is not yet supported with k0s")
+	if k.HA() {
+		args = append(args, "--token-file /etc/k0s/token")
 	}
 
 	// when we start implementing this functionality, remember to use
@@ -218,9 +218,7 @@ func (k *K0sControlPlane) HA() bool {
 }
 
 func (k *K0sControlPlane) ClusterInit() bool {
-	// k0s does not have a cluster init role like k3s. Instead we should have a way to set in the config
-	// if the user wants a single node cluster, multi-node cluster, or HA cluster
-	return false
+	return k.role == common.RoleControlPlaneClusterInit
 }
 
 func (k *K0sControlPlane) IP() string {
@@ -287,6 +285,23 @@ func (k *K0sWorker) Args() ([]string, error) {
 	return args, nil
 }
 
+func (k *K0sControlPlane) SetupHAToken() error {
+	controlPlaneToken, err := k.Token()
+	if err != nil {
+		return err
+	}
+
+	if controlPlaneToken == "" {
+		return errors.New("control plane token is not there")
+	}
+
+	if err := os.WriteFile("/etc/k0s/token", []byte(controlPlaneToken), 0644); err != nil {
+		return err
+	}
+
+	return nil
+}
+
 func (k *K0sWorker) SetupWorker(_, nodeToken string) error {
 	if err := os.WriteFile("/etc/k0s/token", []byte(nodeToken), 0644); err != nil {
 		return err
diff --git a/internal/role/p2p/k3s.go b/internal/role/p2p/k3s.go
index 4824a87..4201fa3 100644
--- a/internal/role/p2p/k3s.go
+++ b/internal/role/p2p/k3s.go
@@ -260,6 +260,11 @@ func (k *K3sWorker) Args() ([]string, error) {
 	return args, nil
 }
 
+func (k *K3sControlPlane) SetupHAToken() error {
+	// K3s doesn't need a token for HA, it uses the node-token
+	return nil
+}
+
 func (k *K3sWorker) SetupWorker(controlPlaneIP, nodeToken string) error {
 	pconfig := k.ProviderConfig()
 
diff --git a/internal/role/p2p/k8s.go b/internal/role/p2p/k8s.go
index d7920fb..ecb8bd4 100644
--- a/internal/role/p2p/k8s.go
+++ b/internal/role/p2p/k8s.go
@@ -41,6 +41,7 @@ type K8sControlPlane interface {
 	SetIP(ip string)
 	GuessInterface()
 	Distro() string
+	SetupHAToken() error
 }
 
 type K8sWorker interface {