diff --git a/docs/metallb.md b/docs/metallb.md
index 8bc0de23f75..5a174b17d8b 100644
--- a/docs/metallb.md
+++ b/docs/metallb.md
@@ -24,15 +24,17 @@ metallb_speaker_enabled: true
 By default only the MetalLB BGP speaker is allowed to run on control plane nodes. If you have a single node cluster or a cluster where control plane are also worker nodes you may need to enable tolerations for the MetalLB controller:
 
 ```yaml
-metallb_controller_tolerations:
-  - key: "node-role.kubernetes.io/master"
-    operator: "Equal"
-    value: ""
-    effect: "NoSchedule"
-  - key: "node-role.kubernetes.io/control-plane"
-    operator: "Equal"
-    value: ""
-    effect: "NoSchedule"
+metallb_config:
+  controller:
+    tolerations:
+      - key: "node-role.kubernetes.io/master"
+        operator: "Equal"
+        value: ""
+        effect: "NoSchedule"
+      - key: "node-role.kubernetes.io/control-plane"
+        operator: "Equal"
+        value: ""
+        effect: "NoSchedule"
 ```
 
 ## Pools
diff --git a/roles/kubernetes-apps/metallb/templates/metallb.yml.j2 b/roles/kubernetes-apps/metallb/templates/metallb.yml.j2
index aeadb9251a5..38cf5c0f24c 100644
--- a/roles/kubernetes-apps/metallb/templates/metallb.yml.j2
+++ b/roles/kubernetes-apps/metallb/templates/metallb.yml.j2
@@ -1550,9 +1550,9 @@ spec:
         - mountPath: /tmp/k8s-webhook-server/serving-certs
           name: cert
           readOnly: true
-{% if metallb_controller_tolerations %}
+{% if metallb_config.controller.tolerations %}
       tolerations:
-        {{ metallb_controller_tolerations | to_nice_yaml(indent=2) | indent(width=8) }}
+        {{ metallb_config.controller.tolerations | to_nice_yaml(indent=2) | indent(width=8) }}
 {% endif %}
 {% if metallb_controller_nodeselector %}
       nodeSelector: