Contour package deployment fails in tainted nodes due to missing tolerations schema

search cancel

book

calendar_today

VMware vSphere Kubernetes Service

When attempting to deploy the Contour package (v1.32.0) across multiple clusters, encountered a scheduling roadblock on nodes with taints. To allow Envoy pods to run on these nodes, attempted to add a tolerations block to the data-values.yaml configuration.
The deployment fails with the following error during the ytt templating phase, preventing the Envoy DaemonSet from being updated.

HH:MM:SSPM: Template failed

| ytt: Error: Overlaying data values (in following order: additional data values):

| One or more data values were invalid

| ====================================

|

| Given data value is not declared in schema

| contour.yaml:

| |

| 38 | tolerations:

| |

|

| = found: tolerations

| = expected: one of { replicas, resources, type } (from schema.yaml:108)

|

| Templating dir: Error (see .status.usefulErrorMessage for details)

HH:MM:SSPM: Error tailing app: Reconciling app: Template failed

Manual editing of the DaemonSet is not a viable workaround in large-scale, multi-cluster environments where automated reconciliation is required.

The root cause is a Schema Mismatch within the Carvel-based package structure. In the Tanzu/VKS ecosystem, the PackageInstall process uses ytt to validate input data against a predefined schema.yaml bundled inside the package. For the specific version of the Contour Standard Package being used (1.32.0+vmware.1-vks.1), the schema for the Envoy workload is strictly defined and does not include tolerations.

As the schema is immutable within a released package version, the configuration cannot be forced through the standard data-values.yaml file.
Submit a formal Feature Request via the VCF Ideas Portal to have tolerations added to the official Contour package schema in future releases, in case of such business requirements.

thumb_up Yes

thumb_down No