diff --git a/pkg/wellknownports/wellknownports.go b/pkg/wellknownports/wellknownports.go
index bed88462a3..d76b33a83e 100644
--- a/pkg/wellknownports/wellknownports.go
+++ b/pkg/wellknownports/wellknownports.go
@@ -73,6 +73,9 @@ const (
 // VxlanUDP is the port used by VXLAN tunneling over UDP
 VxlanUDP = 8472
+ // AWSLBCMetricsPort is reserved for the AWS Load Balancer Controller's metrics.
+ AWSLBCMetricsPort = 9442
+
 // KubeletAPI is the port where kubelet listens
 KubeletAPI = 10250
 )
diff --git a/upup/models/cloudup/resources/addons/aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml.template b/upup/models/cloudup/resources/addons/aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml.template
index f5cfa03485..62204dc886 100644
--- a/upup/models/cloudup/resources/addons/aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml.template
+++ b/upup/models/cloudup/resources/addons/aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml.template
@@ -479,6 +479,7 @@ spec:
 priorityClassName: system-cluster-critical
 nodeSelector: null
 {{ if not UseServiceAccountExternalPermissions }}
+ hostNetwork: true
 tolerations:
 - operator: Exists
 {{ end }}
diff --git a/upup/models/cloudup/resources/addons/aws-load-balancer-controller.addons.k8s.io/k8s-1.19.yaml.template b/upup/models/cloudup/resources/addons/aws-load-balancer-controller.addons.k8s.io/k8s-1.19.yaml.template
index b4f7a262f5..86d060a444 100644
--- a/upup/models/cloudup/resources/addons/aws-load-balancer-controller.addons.k8s.io/k8s-1.19.yaml.template
+++ b/upup/models/cloudup/resources/addons/aws-load-balancer-controller.addons.k8s.io/k8s-1.19.yaml.template
@@ -723,6 +723,12 @@ spec:
 matchLabels:
 app.kubernetes.io/component: controller
 app.kubernetes.io/name: aws-load-balancer-controller
+ {{ if not (and UseServiceAccountExternalPermissions (IsKubernetesGTE "1.24")) }}
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 0
+ {{ end }}
 template:
 metadata:
 labels:
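Review bot: `hostNetwork: true` in the aws-ebs-csi-driver hunk (`@@ -479,6 +479,7 @@`) puts the pod in the node's network namespace without a comment saying why, and the same line is added in the `@@ -789,6 +796,7 @@` hunk of the aws-load-balancer-controller template and the `@@ -360,6 +366,7 @@` hunk of the cluster-autoscaler template. Presumably the aim is to let these controllers use the node's instance credentials when service-account permissions are not in use, but the cost is that every port their containers open is bound on the node itself and the node's loopback listeners become reachable from the pod, so the reason belongs on the line, e.g. `# hostNetwork: <why this pod must share the node's network namespace>`. With `hostNetwork: true` and no `dnsPolicy`, names are resolved by the node's resolver rather than cluster DNS; if any of these controllers looks up in-cluster Service names, add `dnsPolicy: ClusterFirstWithHostNet`. Unlike the other two addons, no rollout `strategy` change is visible for this workload, and its pod spec continues outside the hunk, so confirm it opens no fixed port that a surge pod on the same node would collide with.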
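Review bot: The `strategy` block added in the aws-load-balancer-controller hunk `@@ -723,6 +723,12 @@` sets `maxSurge: 0` with no comment and leaves `maxUnavailable` to the API default, so the reason has to be reconstructed from the `hostNetwork: true` added further down in the same file under the same condition. Say it in the template, e.g. `# no surge: a second hostNetwork pod on the same node cannot bind the same host ports`, and, if one pod at a time is the intent, pin it with `maxUnavailable: 1`. The same block is added in the `@@ -273,6 +273,12 @@` hunk of the cluster-autoscaler template. The Deployment spec continues outside the hunk, so the replica count that `maxUnavailable` is measured against is not visible here.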
@@ -744,6 +750,7 @@ spec:
 {{ end }}
 containers:
 - args:
+ - --metrics-bind-addr=:9442
 - --cluster-name={{ ClusterName }}
 - --enable-waf={{ .EnableWAF }}
 - --enable-wafv2={{ .EnableWAFv2 }}
@@ -789,6 +796,7 @@ spec:
 serviceAccountName: aws-load-balancer-controller
 terminationGracePeriodSeconds: 10
 {{ if not (and UseServiceAccountExternalPermissions (IsKubernetesGTE "1.24")) }}
+ hostNetwork: true
 tolerations:
 - key: node-role.kubernetes.io/control-plane
 operator: Exists
diff --git a/upup/models/cloudup/resources/addons/cluster-autoscaler.addons.k8s.io/k8s-1.15.yaml.template b/upup/models/cloudup/resources/addons/cluster-autoscaler.addons.k8s.io/k8s-1.15.yaml.template
index 34015ca84c..0dd2a14a3f 100644
--- a/upup/models/cloudup/resources/addons/cluster-autoscaler.addons.k8s.io/k8s-1.15.yaml.template
+++ b/upup/models/cloudup/resources/addons/cluster-autoscaler.addons.k8s.io/k8s-1.15.yaml.template
@@ -273,6 +273,12 @@ spec:
 selector:
 matchLabels:
 app: cluster-autoscaler
+ {{ if not (and UseServiceAccountExternalPermissions (IsKubernetesGTE "1.24")) }}
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 0
+ {{ end }}
 template:
 metadata:
 annotations:
@@ -360,6 +366,7 @@ spec:
 memory: {{ or .MemoryRequest "300Mi"}}
 serviceAccountName: cluster-autoscaler
 {{ if not UseServiceAccountExternalPermissions }}
+ hostNetwork: true
 tolerations:
 - operator: "Exists"
 key: node-role.kubernetes.io/control-plane
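Review bot: `--metrics-bind-addr=:9442` in the `@@ -744,6 +750,7 @@` hunk repeats as a literal the value this commit defines as `AWSLBCMetricsPort` in pkg/wellknownports, so the reservation and the manifest can drift apart without either one failing. The argument also sits outside the `{{ if not (and UseServiceAccountExternalPermissions (IsKubernetesGTE "1.24")) }}` condition that guards `hostNetwork: true`, so the metrics port changes for pod-network deployments too; no port declaration or scrape annotation is visible in this hunk, so check that nothing still points at the previous port. When the pod is on the host network the empty host part makes the endpoint listen on every address of the node, which leaves access control to the security groups and host firewall. At minimum add a comment such as `# 9442 = wellknownports.AWSLBCMetricsPort; keep in sync`, and confirm the node security group rules do not open this port beyond the scrapers that need it.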
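Review bot: The guard on the `strategy` block in the cluster-autoscaler hunk `@@ -273,6 +273,12 @@`, `not (and UseServiceAccountExternalPermissions (IsKubernetesGTE "1.24"))`, is not the one that guards `hostNetwork: true` in the `@@ -360,6 +366,7 @@` hunk of the same file, which is `not UseServiceAccountExternalPermissions`. With external permissions enabled on a cluster older than 1.24 the first is true and the second false, so the Deployment gives up surge during rollouts without being on the host network. That combination looks harmless, but the two guards read as if they were meant to match; use `{{ if not UseServiceAccountExternalPermissions }}` here, or add a template comment saying why they differ.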