nutanix-cloud-native · supershal · Sep 29, 2025 · Sep 17, 2025 · Sep 24, 2025 · Sep 23, 2025
diff --git a/charts/cluster-api-runtime-extensions-nutanix/addons/cni/cilium/values-template.yaml b/charts/cluster-api-runtime-extensions-nutanix/addons/cni/cilium/values-template.yaml
@@ -18,8 +18,13 @@ hubble:
     image:
       useDigest: false
     priorityClassName: system-cluster-critical
+{{- if eq .Provider "eks" }}
+ipam:
+  mode: eni
+{{- else }}
 ipam:
   mode: kubernetes
+{{- end }}
 image:
   useDigest: false
 operator:
@@ -33,7 +38,17 @@ socketLB:
 envoy:
   image:
     useDigest: false
-k8sServiceHost: auto
 {{- if .EnableKubeProxyReplacement }}
 kubeProxyReplacement: true
 {{- end }}
+k8sServiceHost: "{{ trimPrefix .ControlPlaneEndpoint.Host "https://" }}"
+k8sServicePort: "{{ .ControlPlaneEndpoint.Port }}"
+{{- if eq .Provider "eks" }}
+enableIPv4Masquerade: false
+eni:
+  enabled: true
+  awsReleaseExcessIPs: true
+routingMode: native
+endpointRoutes:
+  enabled: true
+{{- end }}
diff --git a/common/pkg/capi/utils/annotations.go b/common/pkg/capi/utils/annotations.go
@@ -0,0 +1,18 @@
+// Copyright 2025 Nutanix. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package utils
+
+import (
+	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
+	controlplanev1 "sigs.k8s.io/cluster-api/controlplane/kubeadm/api/v1beta1"
+)
+
+// ShouldSkipKubeProxy returns true if the cluster is configured to skip kube proxy installation.
+func ShouldSkipKubeProxy(cluster *clusterv1.Cluster) bool {
+	if cluster.Spec.Topology != nil {
+		_, isSkipKubeProxy := cluster.Spec.Topology.ControlPlane.Metadata.Annotations[controlplanev1.SkipKubeProxyAnnotation]
+		return isSkipKubeProxy
+	}
+	return false
+}
diff --git a/examples/capi-quick-start/eks-cluster.yaml b/examples/capi-quick-start/eks-cluster.yaml
@@ -1,56 +1,3 @@
-apiVersion: v1
-data:
-  values.yaml: |-
-    cni:
-      exclusive: false
-    hubble:
-      enabled: true
-      tls:
-        auto:
-          enabled: true               # enable automatic TLS certificate generation
-          method: cronJob             # auto generate certificates using cronJob method
-          certValidityDuration: 60    # certificates validity duration in days (default 2 months)
-          schedule: "0 0 1 * *"       # schedule on the 1st day regeneration of each month
-      relay:
-        enabled: true
-        tls:
-          server:
-            enabled: true
-            mtls: true
-        image:
-          useDigest: false
-        priorityClassName: system-cluster-critical
-    image:
-      useDigest: false
-    operator:
-      image:
-        useDigest: false
-    certgen:
-      image:
-        useDigest: false
-    socketLB:
-      hostNamespaceOnly: true
-    envoy:
-      image:
-        useDigest: false
-    kubeProxyReplacement: true
-    k8sServiceHost: "{{ trimPrefix "https://" .Cluster.spec.controlPlaneEndpoint.host }}"
-    k8sServicePort: "{{ .Cluster.spec.controlPlaneEndpoint.port }}"
-    ipam:
-      mode: eni
-    enableIPv4Masquerade: false
-    eni:
-      enabled: true
-      awsReleaseExcessIPs: true
-    routingMode: native
-    endpointRoutes:
-      enabled: true
-kind: ConfigMap
-metadata:
-  labels:
-    cluster.x-k8s.io/provider: eks
-  name: ${CLUSTER_NAME}-cilium-cni-helm-values-template
----
 apiVersion: cluster.x-k8s.io/v1beta1
 kind: Cluster
 metadata:
@@ -70,10 +17,6 @@ spec:
           clusterAutoscaler: {}
           cni:
             provider: Cilium
-            values:
-              sourceRef:
-                kind: ConfigMap
-                name: ${CLUSTER_NAME}-cilium-cni-helm-values-template
           csi:
             defaultStorage:
               provider: aws-ebs

diff --git a/hack/addons/update-cilium-manifests.sh b/hack/addons/update-cilium-manifests.sh
@@ -25,10 +25,18 @@ envsubst -no-unset <"${KUSTOMIZE_BASE_DIR}/kustomization.yaml.tmpl" >"${ASSETS_D
 
 cat <<EOF >"${ASSETS_DIR}/gomplate-context.yaml"
 EnableKubeProxyReplacement: false
+Provider: tmpl-capiprovider-tmpl
+ControlPlaneEndpoint:
+  Host: tmpl-controlplaneendpointhost-tmpl
+  Port: 6443
 EOF
-gomplate -f "${GIT_REPO_ROOT}/charts/cluster-api-runtime-extensions-nutanix/addons/cni/cilium/values-template.yaml" \
-  --context .="${ASSETS_DIR}/gomplate-context.yaml" \
-  >"${ASSETS_DIR}/helm-values.yaml"
+# Replace trimPrefix with strings.TrimPrefix to use the in built go function in gomplate.
+sed -e 's/trimPrefix/strings.TrimPrefix/g' \
+  -e '/k8sServiceHost:.*/,/k8sServicePort:/c\
+k8sServiceHost: auto' \
+  "${GIT_REPO_ROOT}/charts/cluster-api-runtime-extensions-nutanix/addons/cni/cilium/values-template.yaml" |
+  gomplate --context .="${ASSETS_DIR}/gomplate-context.yaml" \
+    >"${ASSETS_DIR}/helm-values.yaml"
 
 kustomize build \
   --load-restrictor LoadRestrictionsNone \

diff --git a/hack/examples/additional-resources/eks/cilium-configmap.yaml b/hack/examples/additional-resources/eks/cilium-configmap.yaml
diff --git a/hack/examples/overlays/clusters/eks/kustomization.yaml.tmpl b/hack/examples/overlays/clusters/eks/kustomization.yaml.tmpl
@@ -5,17 +5,12 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
 resources:
-- ../../../additional-resources/eks/cilium-configmap.yaml
 - ../../../bases/eks/cluster
 
 sortOptions:
   order: fifo
 
 patches:
-  # TODO: Replace with generic cilium patch and dynamically generate the correct EKS values
-  - target:
-      kind: Cluster
-    path: ../../../patches/eks/cilium-with-custom-values.yaml
   - target:
       kind: Cluster
     path: ../../../patches/skip-kube-proxy.yaml
diff --git a/hack/examples/patches/eks/cilium-with-custom-values.yaml b/hack/examples/patches/eks/cilium-with-custom-values.yaml
diff --git a/hack/examples/patches/eks/initialize-variables.yaml b/hack/examples/patches/eks/initialize-variables.yaml
@@ -11,7 +11,3 @@
           nfd: {}
           cni:
             provider: Cilium
-            values:
-              sourceRef:
-                name: ${CLUSTER_NAME}-cilium-cni-helm-values-template
-                kind: ConfigMap
diff --git a/pkg/handlers/generic/lifecycle/cni/cilium/template.go b/pkg/handlers/generic/lifecycle/cni/cilium/template.go
@@ -6,11 +6,13 @@ package cilium
 import (
 	"bytes"
 	"fmt"
+	"strings"
 	"text/template"
 
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 
 	apivariables "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/variables"
+	capiutils "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/common/pkg/capi/utils"
 )
 
 // templateValues enables kube-proxy replacement when kube-proxy is disabled.
@@ -20,18 +22,25 @@ func templateValues(cluster *clusterv1.Cluster, text string) (string, error) {
 		return "", fmt.Errorf("failed to check if kube-proxy is disabled: %w", err)
 	}
 
-	ciliumTemplate, err := template.New("").Parse(text)
+	funcMap := template.FuncMap{
+		"trimPrefix": strings.TrimPrefix,
+	}
+	ciliumTemplate, err := template.New("").Funcs(funcMap).Parse(text)
 	if err != nil {
 		return "", fmt.Errorf("failed to parse template: %w", err)
 	}
 
 	type input struct {
+		Provider                   string
+		ControlPlaneEndpoint       clusterv1.APIEndpoint
 		EnableKubeProxyReplacement bool
 	}
 
 	// Assume when kube-proxy is disabled, we should enable Cilium's kube-proxy replacement feature.
 	templateInput := input{
 		EnableKubeProxyReplacement: kubeProxyIsDisabled,
+		Provider:                   capiutils.GetProvider(cluster),
+		ControlPlaneEndpoint:       cluster.Spec.ControlPlaneEndpoint,
 	}
 
 	var b bytes.Buffer