diff --git a/controller/linodemachine_controller.go b/controller/linodemachine_controller.go
index c5bda5468..d4354ec72 100644
--- a/controller/linodemachine_controller.go
+++ b/controller/linodemachine_controller.go
@@ -327,6 +327,14 @@ func (r *LinodeMachineReconciler) reconcileCreate(
 return nil, err
 }
 
+ // add public interface to linode (eth0)
+ iface := &linodego.InstanceConfigInterfaceCreateOptions{
+ Purpose: linodego.InterfacePurposePublic,
+ Primary: true,
+ }
+ createOpts.Interfaces = append(createOpts.Interfaces, *iface)
+
+ // if vpc, attach additional interface to linode (eth1)
 if machineScope.LinodeCluster.Spec.VPCRef != nil {
 iface, err := r.getVPCInterfaceConfig(ctx, machineScope, createOpts.Interfaces, logger)
 if err != nil {
diff --git a/templates/addons/cilium/cilium.yaml b/templates/addons/cilium/cilium.yaml
index 5527f3a2c..05e33ba9b 100644
--- a/templates/addons/cilium/cilium.yaml
+++ b/templates/addons/cilium/cilium.yaml
@@ -15,8 +15,17 @@ spec:
 wait: true
 timeout: 5m
 valuesTemplate: |
+ routingMode: native
+ kubeProxyReplacement: true
+ ipv4NativeRoutingCIDR: 10.0.0.0/8
+ tunnelProtocol: ""
+ enableIPv4Masquerade: true
 ipam:
 mode: kubernetes
+ ipv4:
+ enabled: true
+ ipv6:
+ enabled: false
 k8s:
 requireIPv4PodCIDR: true
 hubble:
diff --git a/templates/flavors/base/kustomization.yaml b/templates/flavors/base/kustomization.yaml
index f8d5d1e31..b33d0e0af 100644
--- a/templates/flavors/base/kustomization.yaml
+++ b/templates/flavors/base/kustomization.yaml
@@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - cluster.yaml
+ - linodeVPC.yaml
 - linodeCluster.yaml
 - linodeMachineTemplate.yaml
 - machineDeployment.yaml
diff --git a/templates/flavors/base/linodeCluster.yaml b/templates/flavors/base/linodeCluster.yaml
index 9c637f598..d0640004a 100644
--- a/templates/flavors/base/linodeCluster.yaml
+++ b/templates/flavors/base/linodeCluster.yaml
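Review bot: The block added to reconcileCreate in controller/linodemachine_controller.go attaches a public, primary interface to every machine unconditionally, so control-plane and worker nodes carry a public address on eth0 even when the cluster has a VPCRef, and nothing in the hunk records what is expected to filter inbound traffic on it. If that exposure is intended, the comment should say so, for example `// eth0: public interface on every node; the VPC interface below does not restrict inbound traffic to it`. The `iface` pointer is only dereferenced on the next line and is then shadowed by `iface, err :=` inside the VPC branch; appending the literal directly, `createOpts.Interfaces = append(createOpts.Interfaces, linodego.InstanceConfigInterfaceCreateOptions{Purpose: linodego.InterfacePurposePublic, Primary: true})`, avoids both. getVPCInterfaceConfig is outside the hunk, so whether it also sets Primary on the VPC interface cannot be checked here, and reconcileCreate itself starts and ends outside the hunk.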
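Review bot: `ipv4NativeRoutingCIDR: 10.0.0.0/8` in templates/addons/cilium/cilium.yaml is a hard-coded copy of the subnet declared in templates/flavors/base/linodeVPC.yaml, and the same literal appears a third time in the HelmChartConfig added to templates/flavors/rke2/rke2ControlPlane.yaml. With `routingMode: native`, destinations inside that CIDR are excluded from masquerading, so the value has to keep matching the VPC subnet; if one copy is edited and the others are not, pod traffic can be SNATed unexpectedly or leave un-NATed toward addresses the VPC does not route. A comment beside each copy would make the coupling visible, for example `# must equal the LinodeVPC subnet in templates/flavors/base/linodeVPC.yaml`, and a single template variable would remove the duplication if the templating used for these files allows it.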
@@ -5,3 +5,8 @@ metadata:
 name: ${CLUSTER_NAME}
 spec:
 region: ${LINODE_REGION}
+ vpcRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
+ kind: LinodeVPC
+ name: vpc-${CLUSTER_NAME}
+
diff --git a/templates/flavors/base/linodeVPC.yaml b/templates/flavors/base/linodeVPC.yaml
new file mode 100644
index 000000000..b491410c9
--- /dev/null
+++ b/templates/flavors/base/linodeVPC.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
+kind: LinodeVPC
+metadata:
+ name: vpc-${CLUSTER_NAME}
+spec:
+ region: ${LINODE_REGION}
+ subnets:
+ - ipv4: 10.0.0.0/8
+ label: default
+
diff --git a/templates/flavors/rke2/rke2ControlPlane.yaml b/templates/flavors/rke2/rke2ControlPlane.yaml
index f066303fc..8ad05cac0 100644
--- a/templates/flavors/rke2/rke2ControlPlane.yaml
+++ b/templates/flavors/rke2/rke2ControlPlane.yaml
@@ -21,6 +21,30 @@ spec:
 name: linode-${CLUSTER_NAME}-crs-0
 owner: root:root
 path: /var/lib/rancher/rke2/server/manifests/linode-token-region.yaml
+ - path: /var/lib/rancher/rke2/server/manifests/rke2-cilium-config.yaml
+ owner: root:root
+ permissions: "0640"
+ content: |
+ apiVersion: helm.cattle.io/v1
+ kind: HelmChartConfig
+ metadata:
+ name: rke2-cilium
+ namespace: kube-system
+ spec:
+ valuesContent: |-
+ routingMode: native
+ kubeProxyReplacement: true
+ ipv4NativeRoutingCIDR: 10.0.0.0/8
+ tunnelProtocol: ""
+ enableIPv4Masquerade: true
+ ipam:
+ mode: kubernetes
+ ipv4:
+ enabled: true
+ ipv6:
+ enabled: false
+ k8s:
+ requireIPv4PodCIDR: true
 serverConfig:
 cni: cilium
 cloudProviderName: external