Merge pull request #17935 from rifelpet/automated-cherry-pick-of-#17867-#17882-#17933-origin-release-1.34

k8s-ci-robot · web-flow · commit f6c69bbad924 · 2026-02-08T08:03:08.000+05:30
Automated cherry pick of #17867: Use a different systemd-networkd configuration for AL2023 #17882: Disable cloud-init network hotplug on Ubuntu 24.04 for Cilium and Ama… #17933: Set MACAddressPolicy=none for AWS VPC CNI on AL2023
diff --git a/nodeup/pkg/model/networking/amazon-vpc-routed-eni.go b/nodeup/pkg/model/networking/amazon-vpc-routed-eni.go
@@ -68,12 +68,11 @@ ManageForeignRoutingPolicyRules=no
 		})
 	}
 
-	// Running Amazon VPC CNI on Ubuntu 22.04+ or any version of al2023 requires
+	// Running Amazon VPC CNI on Ubuntu 22.04+ and AL2023 requires
 	// setting MACAddressPolicy to `none` (ref: https://github.com/aws/amazon-vpc-cni-k8s/issues/2103
 	// & https://github.com/aws/amazon-vpc-cni-k8s/issues/2839
 	// & https://github.com/kubernetes/kops/issues/16255)
-	if (b.Distribution.IsUbuntu() && b.Distribution.Version() >= 22.04) ||
-		b.Distribution == distributions.DistributionAmazonLinux2023 {
+	if b.Distribution.IsUbuntu() && b.Distribution.Version() >= 22.04 || b.Distribution == distributions.DistributionAmazonLinux2023 {
 		contents := `
 [Match]
 OriginalName=*
@@ -92,5 +91,44 @@ MACAddressPolicy=none
 		})
 
 	}
+
+	// Running Amazon VPC CNI on al2023 requires setting Unmanaged to `yes`
+	// ref: https://github.com/aws/amazon-vpc-cni-k8s/issues/3524
+	if b.Distribution == distributions.DistributionAmazonLinux2023 {
+		contents := `
+[Match]
+Name=ens[6-9]* ens[1-9][0-9]*
+
+[Link]
+Unmanaged=yes
+`
+
+		c.AddTask(&nodetasks.File{
+			Path:            "/etc/systemd/network/10-vpc-cni-secondary.network",
+			Contents:        fi.NewStringResource(contents),
+			Type:            nodetasks.FileType_File,
+			OnChangeExecute: [][]string{{"systemctl", "restart", "systemd-networkd"}},
+		})
+
+	}
+
+	// On Ubuntu 24.04+, cloud-init network hotplug is enabled by default
+	// (https://github.com/canonical/cloud-init/pull/4799). This causes cloud-init to reconfigure netplan
+	// when Amazon VPC CNI attaches ENIs, breaking network functionality.
+	// See: https://github.com/kubernetes/kops/issues/17881
+	if b.Distribution.IsUbuntu() && b.Distribution.Version() >= 24.04 {
+		contents := `# Disable cloud-init network hotplug to prevent interference with Amazon VPC CNI ENI management.
+# See: https://github.com/kubernetes/kops/issues/17881
+updates:
+  network:
+    when: [boot-new-instance]
+`
+		c.AddTask(&nodetasks.File{
+			Path:     "/etc/cloud/cloud.cfg.d/99-disable-network-hotplug.cfg",
+			Contents: fi.NewStringResource(contents),
+			Type:     nodetasks.FileType_File,
+		})
+	}
+
 	return nil
 }
diff --git a/nodeup/pkg/model/networking/cilium.go b/nodeup/pkg/model/networking/cilium.go
@@ -76,6 +76,20 @@ ManageForeignRoutingPolicyRules=no
 		})
 	}
 
+	if b.Distribution.IsUbuntu() && b.Distribution.Version() >= 24.04 {
+		contents := `# Disable cloud-init network hotplug to prevent interference with Cilium ENI management.
+# See: https://github.com/kubernetes/kops/issues/17881
+updates:
+  network:
+    when: [boot-new-instance]
+`
+		c.AddTask(&nodetasks.File{
+			Path:     "/etc/cloud/cloud.cfg.d/99-disable-network-hotplug.cfg",
+			Contents: fi.NewStringResource(contents),
+			Type:     nodetasks.FileType_File,
+		})
+	}
+
 	return nil
 }
 
