From babe2008c409d57ee8559132cd5cef05046c598d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=28=E2=95=AF=C2=B0=E2=96=A1=C2=B0=EF=BC=89=E2=95=AF?= =?UTF-8?q?=EF=B8=B5=20u=E1=B4=89=C7=9DssnH=20=C9=90=C9=9F=C9=90=CA=87soW?=
Date: Sat, 14 Jun 2025 08:12:15 +0400
Subject: [PATCH 1/2] feat: support systemd config on Ubuntu 22.04+ for Amazon VPC CNI
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: (╯°□°)╯︵ uᴉǝssnH ɐɟɐʇsoW
---
 nodeup/pkg/model/networking/amazon-vpc-routed-eni.go | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/nodeup/pkg/model/networking/amazon-vpc-routed-eni.go b/nodeup/pkg/model/networking/amazon-vpc-routed-eni.go
index 7bec9935f4..0f1cc8a27d 100644
--- a/nodeup/pkg/model/networking/amazon-vpc-routed-eni.go
+++ b/nodeup/pkg/model/networking/amazon-vpc-routed-eni.go
@@ -48,7 +48,10 @@ func (b *AmazonVPCRoutedENIBuilder) Build(c *fi.NodeupModelBuilderContext) error {
 {"udevadm", "trigger"},
 },
 })
+ }
+ if (b.Distribution.IsUbuntu() && b.Distribution.Version() >= 22.04) ||
+ b.Distribution == distributions.DistributionAmazonLinux2023 {
 // Make systemd-networkd ignore foreign settings, else it may
 // unexpectedly delete IP rules and routes added by CNI
 contents := `
From fa2006d79afc9502137ac006e523cd0eca251366 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=28=E2=95=AF=C2=B0=E2=96=A1=C2=B0=EF=BC=89=E2=95=AF?= =?UTF-8?q?=EF=B8=B5=20u=E1=B4=89=C7=9DssnH=20=C9=90=C9=9F=C9=90=CA=87soW?=
Date: Wed, 18 Jun 2025 16:25:22 +0400
Subject: [PATCH 2/2] feat: prevent systemd-networkd from removing Cilium routes on restart
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: (╯°□°)╯︵ uᴉǝssnH ɐɟɐʇsoW
---
 nodeup/pkg/model/networking/cilium.go | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/nodeup/pkg/model/networking/cilium.go b/nodeup/pkg/model/networking/cilium.go
index 8fff957052..f3371d3674 100644
--- a/nodeup/pkg/model/networking/cilium.go
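Review bot: The guard added in Build of amazon-vpc-routed-eni.go, `(b.Distribution.IsUbuntu() && b.Distribution.Version() >= 22.04) || b.Distribution == distributions.DistributionAmazonLinux2023`, is repeated verbatim in the cilium.go hunk of PATCH 2/2 with the same comment, so the two builders can drift apart when a distribution is added to only one of them. A node left out of one copy would keep the systemd-networkd defaults and could lose CNI routes and rules on a networkd restart, which shows up as a pod-network outage rather than a build error. Consider one shared predicate in the networking package, e.g. `func needsForeignRouteDropIn(d distributions.Distribution) bool`, called from both builders, with a comment stating why only these distributions are covered. The `if` block closed by the added `}` opens above the hunk, so the condition that previously guarded this drop-in is not visible here.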
+++ b/nodeup/pkg/model/networking/cilium.go
@@ -27,6 +27,7 @@ import (
 "k8s.io/kops/nodeup/pkg/model"
 "k8s.io/kops/upup/pkg/fi"
 "k8s.io/kops/upup/pkg/fi/nodeup/nodetasks"
+ "k8s.io/kops/util/pkg/distributions"
 )
 // CiliumBuilder writes Cilium's assets
@@ -57,6 +58,24 @@ func (b *CiliumBuilder) Build(c *fi.NodeupModelBuilderContext) error {
 return fmt.Errorf("failed to create cgroupv2 mount unit: %w", err)
 }
+ if (b.Distribution.IsUbuntu() && b.Distribution.Version() >= 22.04) ||
+ b.Distribution == distributions.DistributionAmazonLinux2023 {
+ // Make systemd-networkd ignore foreign settings, else it may
+ // unexpectedly delete IP rules and routes added by CNI
+ contents := `
+# Do not clobber any routes or rules added by CNI.
+[Network]
+ManageForeignRoutes=no
+ManageForeignRoutingPolicyRules=no
+`
+ c.AddTask(&nodetasks.File{
+ Path: "/usr/lib/systemd/networkd.conf.d/40-disable-manage-foreign-routes.conf",
+ Contents: fi.NewStringResource(contents),
+ Type: nodetasks.FileType_File,
+ OnChangeExecute: [][]string{{"systemctl", "restart", "systemd-networkd"}},
+ })
+ }
+
 return nil
 }
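Review bot: The drop-in added in CiliumBuilder.Build goes to `/usr/lib/systemd/networkd.conf.d/40-disable-manage-foreign-routes.conf`, the vendor directory with a low-sorting prefix; systemd merges drop-ins by file name across `/usr/lib`, `/run` and `/etc`, so a same-named file under `/etc/systemd/networkd.conf.d/` or any later-sorting drop-in that sets `ManageForeignRoutes` or `ManageForeignRoutingPolicyRules` overrides it, and networkd would again remove Cilium's routes and rules on restart. If the setting has to hold on every node, writing it under `/etc/systemd/networkd.conf.d/` with a late prefix is the more robust choice; otherwise a comment such as `// vendor dir on purpose: lets operators override via /etc` would record the intent. The unconditional `systemctl restart systemd-networkd` in `OnChangeExecute` also assumes the unit exists and is in use on every image matched by the condition, which the hunk cannot confirm. Build begins above the hunk.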