^{When deploying a Tanzu Kubernetes workload cluster on vSphere Kubernetes Service (VKS) 3.4, the deployment may fail with an admission webhook error.}

^{You may encounter the following error during cluster creation using workload.yaml:}

Error from server (Forbidden): error when creating "workload.yaml": admission webhook "capi.mutating.tanzukubernetescluster.run.tanzu.vmware.com" denied the request: Cluster and variable validation failed: [spec.topology.variables[defaultStorageClass]: Invalid value: "\"vks-storage-policy\"": variable is not defined, spec.topology.variables[nodePoolVolumes]: Invalid value: "[{\"capacity\":{\"storage\":\"100Gi\"},\"mountPath\":\"/var/lib/containerd\",\"name\":\"containerd\",\"storageClass\":\"vks-storage-policy\"},{\"capacity\":{\"storage\":\"100Gi\"},\"mountPath\":\"/var/lib/kubelet\",\"name\":\"kubelet\",\"storageClass\":\"vks-storage-policy\"}]": variable is not defined, spec.topology.variables[trust]: Invalid value: "{\"additionalTrustedCAs\":[{\"name\":\"additional-ca-1\"}]}": variable is not defined]

VMware vSphere Kubernetes Service 3.4.0 and later

• The error occurs because the YAML manifest references deprecated variables that are no longer supported in TKG Service 3.4.
• Specifically:
  • defaultStorageClass is supported only in TKG Service 3.1.0 and earlier.
  • In TKG Service 3.4, the correct variable is:

     vsphereOptions.persistentVolumes.defaultStorageClass

To resolve this issue:

1. Update the workload cluster YAML file by removing or replacing deprecated variables with their supported equivalents.
   • Replace:

              defaultStorageClass

             with:

             vsphereOptions.persistentVolumes.defaultStorageClass

2. Remove unsupported variables such as nodePoolVolumes and trust if present.
3. Reapply the corrected YAML file to deploy the cluster.
   • Example:

              kubectl apply -f workload.yaml

4. The cluster deployment should now succeed without errors.