feat: cilium configuration overrides for EKS provider

Author: supershal

charts/cluster-api-runtime-extensions-nutanix/addons/cni/cilium/values-template.yaml

@@ -18,8 +18,14 @@ hubble:
     image:
       useDigest: false
     priorityClassName: system-cluster-critical
+{{- $capiProvider := index .Cluster.Labels "cluster.x-k8s.io/provider" }}
+{{- if eq $capiProvider "eks" }}
+ipam:
+  mode: eni
+{{- else }}
 ipam:
   mode: kubernetes
+{{- end }}
 image:
   useDigest: false
 operator:
@@ -33,7 +39,25 @@ socketLB:
 envoy:
   image:
     useDigest: false
-k8sServiceHost: auto
+
 {{- if .EnableKubeProxyReplacement }}
 kubeProxyReplacement: true
 {{- end }}
+
+{{- if eq $capiProvider "eks" }}
+k8sServiceHost: "{{ trimPrefix "https://" .Cluster.spec.controlPlaneEndpoint.host }}"
+k8sServicePort: "{{ .Cluster.spec.controlPlaneEndpoint.port }}"
+{{- else }}
+k8sServiceHost: auto
+{{- end }}
+
+{{- if eq $capiProvider "eks" }}
+enableIPv4Masquerade: false
+eni:
+  enabled: true
+  awsReleaseExcessIPs: true
+routingMode: native
+endpointRoutes:
+  enabled: true
+{{- end }}
+   

common/pkg/capi/utils/annotations.go

@@ -8,11 +8,12 @@ import (
 	controlplanev1 "sigs.k8s.io/cluster-api/controlplane/kubeadm/api/v1beta1"
 )
 
-// ShouldSkipKubeProxy returns true if the cluster is configured to skip kube proxy installation.
+// ShouldSkipKubeProxy returns true if the cluster is configured to skip kube proxy installation
+// or if the cluster is an EKS cluster where kube proxy is always disabled on AWSManagedControlPlaneTemplate.
 func ShouldSkipKubeProxy(cluster *clusterv1.Cluster) bool {
 	if cluster.Spec.Topology != nil {
-		_, isSkipKubeProxy := cluster.Spec.Topology.ControlPlane.Metadata.Annotations[controlplanev1.SkipKubeProxyAnnotation]
-		return isSkipKubeProxy
+		_, isSkipKubeProxyAnnotation := cluster.Spec.Topology.ControlPlane.Metadata.Annotations[controlplanev1.SkipKubeProxyAnnotation]
+		return isSkipKubeProxyAnnotation
 	}
 	return false
 }

pkg/handlers/generic/lifecycle/cni/cilium/template.go

@@ -21,11 +21,13 @@ func templateValues(cluster *clusterv1.Cluster, text string) (string, error) {
 	}
 
 	type input struct {
+		Cluster                    *clusterv1.Cluster
 		EnableKubeProxyReplacement bool
 	}
 
 	// Assume when kube-proxy is skipped, we should enable Cilium's kube-proxy replacement feature.
 	templateInput := input{
+		Cluster:                    cluster,
 		EnableKubeProxyReplacement: capiutils.ShouldSkipKubeProxy(cluster),
 	}