diff --git a/roles/network_plugin/cilium/templates/cilium/config.yml.j2 b/roles/network_plugin/cilium/templates/cilium/config.yml.j2
index fadc87b64..6e647760d 100644
--- a/roles/network_plugin/cilium/templates/cilium/config.yml.j2
+++ b/roles/network_plugin/cilium/templates/cilium/config.yml.j2
@@ -142,12 +142,12 @@ data:
 {% if cilium_version | regex_replace('v') is version('1.12', '<') %}
   native-routing-cidr: "{{ cilium_native_routing_cidr }}"
 {% else %}
-  {% if cilium_native_routing_cidr | length %}
+{% if cilium_native_routing_cidr | length %}
   ipv4-native-routing-cidr: "{{ cilium_native_routing_cidr }}"
-  {% endif %}
-  {% if cilium_native_routing_cidr_ipv6 | length %}
+{% endif %}
+{% if cilium_native_routing_cidr_ipv6 | length %}
   ipv6-native-routing-cidr: "{{ cilium_native_routing_cidr_ipv6 }}"
-  {% endif %}
+{% endif %}
 {% endif %}
 
   auto-direct-node-routes: "{{ cilium_auto_direct_node_routes }}"
@@ -182,16 +182,16 @@ data:
 
   # Enable transparent network encryption
 {% if cilium_encryption_enabled %}
-  {% if cilium_encryption_type == "ipsec" %}
+{% if cilium_encryption_type == "ipsec" %}
   enable-ipsec: "true"
   ipsec-key-file: /etc/ipsec/keys
   encrypt-node: "{{ cilium_ipsec_node_encryption }}"
-  {% endif %}
+{% endif %}
 
-  {% if cilium_encryption_type == "wireguard" %}
+{% if cilium_encryption_type == "wireguard" %}
   enable-wireguard: "true"
   enable-wireguard-userspace-fallback: "{{ cilium_wireguard_userspace_fallback }}"
-  {% endif %}
+{% endif %}
 {% endif %}
 
   # IPAM settings
@@ -236,4 +236,4 @@ data:
 {% endfor %}
     masqLinkLocal: {{ cilium_masq_link_local|bool }}
     resyncInterval: "{{ cilium_ip_masq_resync_interval }}"
-{% endif %}
\ No newline at end of file
+{% endif %}
diff --git a/roles/network_plugin/cilium/templates/cilium/ds.yml.j2 b/roles/network_plugin/cilium/templates/cilium/ds.yml.j2
index 2ce442062..08385b457 100644
--- a/roles/network_plugin/cilium/templates/cilium/ds.yml.j2
+++ b/roles/network_plugin/cilium/templates/cilium/ds.yml.j2
@@ -167,7 +167,7 @@ spec:
         - name: cilium-config-path
           mountPath: /tmp/cilium/config-map
           readOnly: true
-{% if cilium_ip_masq_agent_enable %}\
+{% if cilium_ip_masq_agent_enable %}
         - name: ip-masq-agent
           mountPath: /etc/config
           readOnly: true