diff --git a/hosts/k8s/kubevirt-shushou/default.nix b/hosts/k8s/kubevirt-shushou/default.nix
index 0d438cbc..75eb8545 100644
--- a/hosts/k8s/kubevirt-shushou/default.nix
+++ b/hosts/k8s/kubevirt-shushou/default.nix
@@ -19,6 +19,14 @@
     # use my own domain & kube-vip's virtual IP for the API server
     # so that the API server can always be accessed even if some nodes are down
     masterHost = "kubevirt-cluster-1.writefor.fun";
+    kubeletExtraArgs = [
+      "--cpu-manager-policy=static"
+      # https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/
+      # we have to reserve some resources for for system daemons running as pods or system services
+      # when cpu-manager's static policy is enabled
+      # the memory we reserved here is also for the kernel, since kernel's memory is not accounted in pods
+      "--system-reserved=cpu=1,memory=2Gi,ephemeral-storage=2Gi"
+    ];
     nodeLabels = [
       "node-purpose=kubevirt"
     ];
diff --git a/hosts/k8s/kubevirt-youko/default.nix b/hosts/k8s/kubevirt-youko/default.nix
index 62e2d507..00a5a0c2 100644
--- a/hosts/k8s/kubevirt-youko/default.nix
+++ b/hosts/k8s/kubevirt-youko/default.nix
@@ -19,6 +19,14 @@
     # use my own domain & kube-vip's virtual IP for the API server
     # so that the API server can always be accessed even if some nodes are down
     masterHost = "kubevirt-cluster-1.writefor.fun";
+    kubeletExtraArgs = [
+      "--cpu-manager-policy=static"
+      # https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/
+      # we have to reserve some resources for for system daemons running as pods or system services
+      # when cpu-manager's static policy is enabled
+      # the memory we reserved here is also for the kernel, since kernel's memory is not accounted in pods
+      "--system-reserved=cpu=1,memory=2Gi,ephemeral-storage=2Gi"
+    ];
     nodeLabels = [
       "node-purpose=kubevirt"
     ];