fix: gotemplate Cilium HCP

Using builtin topolgy templating results in a deadlock because the .ControlPlane is not updated until after the lifecycle hook returns.

Author: dkoshkin

charts/cluster-api-runtime-extensions-nutanix/addons/cni/cilium/values-template.yaml

@@ -34,14 +34,10 @@ envoy:
   image:
     useDigest: false
 k8sServiceHost: auto
-{{- with .ControlPlane }}
-{{- range $key, $val := .metadata.annotations }}
-{{- if eq $key "controlplane.cluster.x-k8s.io/skip-kube-proxy" }}
+{{- if .EnableKubeProxyReplacement }}
 kubeProxyReplacement: true
 tunnelProtocol: geneve
 loadBalancer:
   mode: dsr
-  dsrDispatch: geneve{{ break }}
-{{- end }}
-{{- end }}
+  dsrDispatch: geneve
 {{- end }}

hack/addons/update-cilium-manifests.sh

@@ -24,7 +24,7 @@ mkdir -p "${ASSETS_DIR}/cilium"
 envsubst -no-unset <"${KUSTOMIZE_BASE_DIR}/kustomization.yaml.tmpl" >"${ASSETS_DIR}/kustomization.yaml"
 
 cat <<EOF >"${ASSETS_DIR}/gomplate-context.yaml"
-ControlPlane: {}
+EnableKubeProxyReplacement: false
 EOF
 gomplate -f "${GIT_REPO_ROOT}/charts/cluster-api-runtime-extensions-nutanix/addons/cni/cilium/values-template.yaml" \
   --context .="${ASSETS_DIR}/gomplate-context.yaml" \

hack/tools/fetch-images/main.go

@@ -266,16 +266,10 @@ func getValuesFileForChartIfNeeded(chartName, carenChartDirectory string) (strin
 		}
 
 		type input struct {
-			ControlPlane map[string]interface{}
+			EnableKubeProxyReplacement bool
 		}
 		templateInput := input{
-			ControlPlane: map[string]interface{}{
-				"metadata": map[string]interface{}{
-					"annotations": map[string]interface{}{
-						"controlplane.cluster.x-k8s.io/skip-kube-proxy": "",
-					},
-				},
-			},
+			EnableKubeProxyReplacement: true,
 		}
 
 		err = template.Must(template.New(defaultHelmAddonFilename).ParseFiles(f)).Execute(tempFile, &templateInput)

pkg/handlers/generic/lifecycle/cni/cilium/template.go

@@ -0,0 +1,42 @@
+// Copyright 2025 Nutanix. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package cilium
+
+import (
+	"bytes"
+	"fmt"
+	"text/template"
+
+	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
+
+	capiutils "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/common/pkg/capi/utils"
+)
+
+// templateValues enables kube-proxy replacement when kube-proxy is disabled.
+func templateValues(cluster *clusterv1.Cluster, text string) (string, error) {
+	ciliumTemplate, err := template.New("").Parse(text)
+	if err != nil {
+		return "", fmt.Errorf("failed to parse template: %w", err)
+	}
+
+	type input struct {
+		EnableKubeProxyReplacement bool
+	}
+
+	// Assume when kube-proxy is skipped, we should enable Cilium's kube-proxy replacement feature.
+	templateInput := input{
+		EnableKubeProxyReplacement: capiutils.ShouldSkipKubeProxy(cluster),
+	}
+
+	var b bytes.Buffer
+	err = ciliumTemplate.Execute(&b, templateInput)
+	if err != nil {
+		return "", fmt.Errorf(
+			"`failed setting target Cluster name and namespa`ce in template: %w",
+			err,
+		)
+	}
+
+	return b.String(), nil
+}