diff --git a/pkg/model/components/kindnet.go b/pkg/model/components/kindnet.go
index 7b461f70873cf..b9a6d082050a6 100644
--- a/pkg/model/components/kindnet.go
+++ b/pkg/model/components/kindnet.go
@@ -40,12 +40,12 @@ func (b *KindnetOptionsBuilder) BuildOptions(o *kops.Cluster) error {
 		c.Version = "v1.8.0"
 	}
 
-	if clusterSpec.IsIPv6Only() {
+	if o.GetCloudProvider() == kops.CloudProviderAWS && clusterSpec.IsIPv6Only() {
 		if c.Masquerade == nil {
-			c.Masquerade = &kops.KindnetMasqueradeSpec{
-				Enabled: fi.PtrTo(false),
-			}
+			c.Masquerade = &kops.KindnetMasqueradeSpec{}
 		}
+		c.Masquerade.Enabled = fi.PtrTo(false)
+		c.NAT64 = fi.PtrTo(false)
 	} else {
 		// Kindnet should masquerade well known ranges if kops is not doing it
 		if c.Masquerade == nil {
diff --git a/upup/models/cloudup/resources/addons/networking.kindnet/k8s-1.32.yaml.template b/upup/models/cloudup/resources/addons/networking.kindnet/k8s-1.32.yaml.template
index 21498dac04246..5a0d4a027b170 100644
--- a/upup/models/cloudup/resources/addons/networking.kindnet/k8s-1.32.yaml.template
+++ b/upup/models/cloudup/resources/addons/networking.kindnet/k8s-1.32.yaml.template
@@ -105,35 +105,25 @@ spec:
         args:
         - /bin/kindnetd
         - --hostname-override=$(NODE_NAME)
-        {{- if .Networking.Kindnet.LogLevel }}
         - --v={{ .Networking.Kindnet.LogLevel }}
-        {{- end }}
-        {{- if .Networking.Kindnet.NetworkPolicies }}
+        {{ if .Networking.Kindnet.NetworkPolicies }}
         - --network-policy={{ .Networking.Kindnet.NetworkPolicies }}
-        {{- end }}
-        {{- if .Networking.Kindnet.AdminNetworkPolicies }}
+        {{ end }}
+        {{ if .Networking.Kindnet.AdminNetworkPolicies }}
         - --admin-network-policy={{ .Networking.Kindnet.AdminNetworkPolicies }}
-        {{- end }}
-        {{- if .Networking.Kindnet.BaselineAdminNetworkPolicies }}
+        {{ end }}
+        {{ if .Networking.Kindnet.BaselineAdminNetworkPolicies }}
         - --admin-network-policy={{ .Networking.Kindnet.BaselineAdminNetworkPolicies }}
-        {{- end }}
-        {{- if .Networking.Kindnet.DNSCaching }}
-        - --dns-caching={{ .Networking.Kindnet.DNSCaching }}
-        {{- end }}
-        {{- if .Networking.Kindnet.NAT64 }}
-        - --nat64={{ .Networking.Kindnet.NAT64 }}
-        {{- end }}
-        {{- if .Networking.Kindnet.FastPathThreshold }}
+        {{ end }}
+        - --dns-caching={{ WithDefaultBool .Networking.Kindnet.DNSCaching true }}
+        - --nat64={{ WithDefaultBool .Networking.Kindnet.NAT64 true }}
         - --fastpath-threshold={{ .Networking.Kindnet.FastPathThreshold }}
-        {{- end }}
         {{- if .Networking.Kindnet.Masquerade }}
-        {{- if .Networking.Kindnet.Masquerade.Enabled }}
-        - --masquerading={{ .Networking.Kindnet.Masquerade.Enabled }}
-        {{- end }}
-        {{- if .Networking.Kindnet.Masquerade.NonMasqueradeCIDRs }}
+        - --masquerading={{ WithDefaultBool .Networking.Kindnet.Masquerade.Enabled true }}
+        {{ if .Networking.Kindnet.Masquerade.NonMasqueradeCIDRs }}
         - --no-masquerade-cidr={{ range $index, $element := .Networking.Kindnet.Masquerade.NonMasqueradeCIDRs }}{{if $index}},{{end}}{{$element}}{{end}}
         {{- end }}
-        {{- end }}
+        {{ end }}
         env:
         - name: HOST_IP
           valueFrom: