diff --git a/data/data/install.openshift.io_installconfigs.yaml b/data/data/install.openshift.io_installconfigs.yaml
index b3eb531e5f0..9b821b2a33d 100644
--- a/data/data/install.openshift.io_installconfigs.yaml
+++ b/data/data/install.openshift.io_installconfigs.yaml
@@ -4791,6 +4791,16 @@ spec:
                   - cidr
                   type: object
                 type: array
+              installNetworkObservability:
+                description: |-
+                  InstallNetworkObservability is an optional field that enables network observability
+                  when omitted or set to "Enable". If the field is set to "Disable", it does nothing.
+                  Valid values are "", "Enable", "Disable".
+                enum:
+                - ""
+                - Enable
+                - Disable
+                type: string
               machineCIDR:
                 description: |-
                   Deprecated way to configure an IP address pool for machines.
diff --git a/go.mod b/go.mod
index 6f62ec9585e..3c767cac4a7 100644
--- a/go.mod
+++ b/go.mod
@@ -389,3 +389,5 @@ replace (
 	github.com/nutanix-cloud-native/cluster-api-provider-nutanix => github.com/nutanix-cloud-native/cluster-api-provider-nutanix v1.7.2-0.20251007022949-442bc2ebe286
 	sigs.k8s.io/cluster-api-provider-azure => github.com/mboersma/cluster-api-provider-azure v0.3.1-0.20251030205607-3161b9cc8d3e
 )
+
+replace github.com/openshift/api v0.0.0-20260228183123-9b2ee997d297 => github.com/OlivierCazade/api v0.0.0-20260310172058-df85794acda8
\ No newline at end of file
diff --git a/go.sum b/go.sum
index 798361c3c05..0938dac2cec 100644
--- a/go.sum
+++ b/go.sum
@@ -163,6 +163,8 @@ github.com/Masterminds/sprig/v3 v3.3.0/go.mod h1:Zy1iXRYNqNLUolqCpL4uhk6SHUMAOSC
 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
 github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2 h1:+vx7roKuyA63nhn5WAunQHLTznkw5W8b1Xc0dNjp83s=
 github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2/go.mod h1:HBCaDeC1lPdgDeDbhX8XFpy1jqjK0IBG8W5K+xYqA0w=
+github.com/OlivierCazade/api v0.0.0-20260310172058-df85794acda8 h1:xum6axaZ9eg1yBb8IN1pVC93wL9puTiirC+KtH4Jw3E=
+github.com/OlivierCazade/api v0.0.0-20260310172058-df85794acda8/go.mod h1:ZYAxo9t1AALeEotN07tNzIvqqqWSxcZIqMUKnY/xCeQ=
 github.com/OpenPeeDeeP/depguard/v2 v2.2.1 h1:vckeWVESWp6Qog7UZSARNqfu/cZqvki8zsuj3piCMx4=
 github.com/OpenPeeDeeP/depguard/v2 v2.2.1/go.mod h1:q4DKzC4UcVaAvcfd41CZh0PWpGgzrVxUYBlgKNGquUo=
 github.com/PaesslerAG/gval v1.0.0 h1:GEKnRwkWDdf9dOmKcNrar9EA1bz1z9DqPIO1+iLzhd8=
@@ -896,8 +898,6 @@ github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJw
 github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M=
 github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk=
 github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/openshift/api v0.0.0-20260228183123-9b2ee997d297 h1:QoHTB3QS859LUGE6NUTg98XiMz6Kzm3svQmo4tmgmlg=
-github.com/openshift/api v0.0.0-20260228183123-9b2ee997d297/go.mod h1:ZYAxo9t1AALeEotN07tNzIvqqqWSxcZIqMUKnY/xCeQ=
 github.com/openshift/assisted-image-service v0.0.0-20250917153356-4ca9ff81f712 h1:UJVh+I/AWZcOJASGdiLcTXkWB1OYNhS/383DHMcRvCQ=
 github.com/openshift/assisted-image-service v0.0.0-20250917153356-4ca9ff81f712/go.mod h1:WGdSeSnK0voEWWwA4ar5eApNjGBLmGTpFurEKw/FXJc=
 github.com/openshift/assisted-service/api v0.0.0-20250922204150-a52b83145bea h1:YhJ9iHKKT5ooAdVr8qq3BdudhTxP/WF0XYDT5gzi1ak=
diff --git a/pkg/asset/manifests/network.go b/pkg/asset/manifests/network.go
index b79e7bb4896..c6163d545c1 100644
--- a/pkg/asset/manifests/network.go
+++ b/pkg/asset/manifests/network.go
@@ -70,6 +70,21 @@ func (no *Networking) Generate(_ context.Context, dependencies asset.Parents) er
 		serviceNet = append(serviceNet, sn.String())
 	}
 
+	networkSpec := configv1.NetworkSpec{
+		ClusterNetwork: clusterNet,
+		ServiceNetwork: serviceNet,
+		NetworkType:    netConfig.NetworkType,
+		// Block all Service.ExternalIPs by default
+		ExternalIP: &configv1.ExternalIPConfig{
+			Policy: &configv1.ExternalIPPolicy{},
+		},
+	}
+
+	// Set installNetworkObservability from the install config
+	if netConfig.InstallNetworkObservability != nil {
+		networkSpec.InstallNetworkObservability = netConfig.InstallNetworkObservability
+	}
+
 	no.Config = &configv1.Network{
 		TypeMeta: metav1.TypeMeta{
 			APIVersion: configv1.SchemeGroupVersion.String(),
@@ -79,15 +94,7 @@ func (no *Networking) Generate(_ context.Context, dependencies asset.Parents) er
 			Name: "cluster",
 			// not namespaced
 		},
-		Spec: configv1.NetworkSpec{
-			ClusterNetwork: clusterNet,
-			ServiceNetwork: serviceNet,
-			NetworkType:    netConfig.NetworkType,
-			// Block all Service.ExternalIPs by default
-			ExternalIP: &configv1.ExternalIPConfig{
-				Policy: &configv1.ExternalIPPolicy{},
-			},
-		},
+		Spec: networkSpec,
 	}
 
 	configData, err := yaml.Marshal(no.Config)
diff --git a/pkg/types/defaults/installconfig.go b/pkg/types/defaults/installconfig.go
index 30684dde13c..8425f41743e 100644
--- a/pkg/types/defaults/installconfig.go
+++ b/pkg/types/defaults/installconfig.go
@@ -58,6 +58,10 @@ func SetInstallConfigDefaults(c *types.InstallConfig) {
 			},
 		}
 	}
+	if c.Networking.InstallNetworkObservability == nil {
+		installNetworkObservability := "Enable"
+		c.Networking.InstallNetworkObservability = &installNetworkObservability
+	}
 
 	if c.Publish == "" {
 		c.Publish = types.ExternalPublishingStrategy
diff --git a/pkg/types/defaults/installconfig_test.go b/pkg/types/defaults/installconfig_test.go
index eaa8fe9a153..a87e9f3d9e1 100644
--- a/pkg/types/defaults/installconfig_test.go
+++ b/pkg/types/defaults/installconfig_test.go
@@ -20,6 +20,7 @@ import (
 )
 
 func defaultInstallConfig() *types.InstallConfig {
+	installNetworkObservability := "Enable"
 	return &types.InstallConfig{
 		AdditionalTrustBundlePolicy: defaultAdditionalTrustBundlePolicy(),
 		Networking: &types.Networking{
@@ -34,6 +35,7 @@ func defaultInstallConfig() *types.InstallConfig {
 					HostPrefix: int32(defaultHostPrefix),
 				},
 			},
+			InstallNetworkObservability: &installNetworkObservability,
 		},
 		ControlPlane: defaultMachinePool("master"),
 		Compute:      []types.MachinePool{*defaultMachinePool("worker")},
@@ -285,6 +287,32 @@ func TestSetInstallConfigDefaults(t *testing.T) {
 				return c
 			}(),
 		},
+		{
+			name: "InstallNetworkObservability nil",
+			config: &types.InstallConfig{
+				Networking: &types.Networking{
+					InstallNetworkObservability: nil,
+				},
+			},
+			expected: func() *types.InstallConfig {
+				c := defaultInstallConfig()
+				return c
+			}(),
+		},
+		{
+			name: "InstallNetworkObservability Disable",
+			config: &types.InstallConfig{
+				Networking: &types.Networking{
+					InstallNetworkObservability: func() *string { s := "Disable"; return &s }(),
+				},
+			},
+			expected: func() *types.InstallConfig {
+				c := defaultInstallConfig()
+				installNetworkObservability := "Disable"
+				c.Networking.InstallNetworkObservability = &installNetworkObservability
+				return c
+			}(),
+		},
 	}
 	for _, tc := range cases {
 		t.Run(tc.name, func(t *testing.T) {
diff --git a/pkg/types/installconfig.go b/pkg/types/installconfig.go
index 606d6943a89..1ddb6ee73bc 100644
--- a/pkg/types/installconfig.go
+++ b/pkg/types/installconfig.go
@@ -426,6 +426,14 @@ type Networking struct {
 	// pod network when NetworkType is set to OVNKubernetes.
 	OVNKubernetesConfig *OVNKubernetesConfig `json:"ovnKubernetesConfig,omitempty"`
 
+	// InstallNetworkObservability is an optional field that enables network observability
+	// when omitted or set to "Enable". If the field is set to "Disable", it does nothing.
+	// Valid values are "", "Enable", "Disable".
+	//
+	// +kubebuilder:validation:Enum="";Enable;Disable
+	// +optional
+	InstallNetworkObservability *string `json:"installNetworkObservability,omitempty"`
+
 	// Deprecated types, scheduled to be removed
 
 	// Deprecated way to configure an IP address pool for machines.
diff --git a/pkg/types/zz_generated.deepcopy.go b/pkg/types/zz_generated.deepcopy.go
index b32e9eded99..4703f9e741b 100644
--- a/pkg/types/zz_generated.deepcopy.go
+++ b/pkg/types/zz_generated.deepcopy.go
@@ -655,6 +655,11 @@ func (in *Networking) DeepCopyInto(out *Networking) {
 		*out = new(OVNKubernetesConfig)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.InstallNetworkObservability != nil {
+		in, out := &in.InstallNetworkObservability, &out.InstallNetworkObservability
+		*out = new(string)
+		**out = **in
+	}
 	if in.DeprecatedMachineCIDR != nil {
 		in, out := &in.DeprecatedMachineCIDR, &out.DeprecatedMachineCIDR
 		*out = (*in).DeepCopy()
diff --git a/vendor/github.com/openshift/api/config/v1/types_network.go b/vendor/github.com/openshift/api/config/v1/types_network.go
index fb8ed2fff74..bf6b75d0ef4 100644
--- a/vendor/github.com/openshift/api/config/v1/types_network.go
+++ b/vendor/github.com/openshift/api/config/v1/types_network.go
@@ -86,6 +86,13 @@ type NetworkSpec struct {
 	//
 	// +optional
 	NetworkDiagnostics NetworkDiagnostics `json:"networkDiagnostics"`
+
+	// installNetworkObservability is an optional field that enables network observability
+	// when omitted or set to enable.  If the field is set to disable, it does nothing.
+	// Valid values are "", "Enable", "Disable".
+	// +kubebuilder:validation:Enum:="";Enable;Disable
+	// +optional
+	InstallNetworkObservability *string `json:"installNetworkObservability,omitempty"`
 }
 
 // NetworkStatus is the current network configuration.
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go
index 30b85b78e96..d3d6e7ca870 100644
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go
@@ -4302,6 +4302,11 @@ func (in *NetworkSpec) DeepCopyInto(out *NetworkSpec) {
 		(*in).DeepCopyInto(*out)
 	}
 	in.NetworkDiagnostics.DeepCopyInto(&out.NetworkDiagnostics)
+	if in.InstallNetworkObservability != nil {
+		in, out := &in.InstallNetworkObservability, &out.InstallNetworkObservability
+		*out = new(string)
+		**out = **in
+	}
 	return
 }
 
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go
index 69fb37c5233..f1ef306e26a 100644
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go
@@ -2456,13 +2456,14 @@ func (NetworkMigration) SwaggerDoc() map[string]string {
 }
 
 var map_NetworkSpec = map[string]string{
-	"":                     "NetworkSpec is the desired network configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.",
-	"clusterNetwork":       "IP address pool to use for pod IPs. This field is immutable after installation.",
-	"serviceNetwork":       "IP address pool for services. Currently, we only support a single entry here. This field is immutable after installation.",
-	"networkType":          "networkType is the plugin that is to be deployed (e.g. OVNKubernetes). This should match a value that the cluster-network-operator understands, or else no networking will be installed. Currently supported values are: - OVNKubernetes This field is immutable after installation.",
-	"externalIP":           "externalIP defines configuration for controllers that affect Service.ExternalIP. If nil, then ExternalIP is not allowed to be set.",
-	"serviceNodePortRange": "The port range allowed for Services of type NodePort. If not specified, the default of 30000-32767 will be used. Such Services without a NodePort specified will have one automatically allocated from this range. This parameter can be updated after the cluster is installed.",
-	"networkDiagnostics":   "networkDiagnostics defines network diagnostics configuration.\n\nTakes precedence over spec.disableNetworkDiagnostics in network.operator.openshift.io. If networkDiagnostics is not specified or is empty, and the spec.disableNetworkDiagnostics flag in network.operator.openshift.io is set to true, the network diagnostics feature will be disabled.",
+	"":                            "NetworkSpec is the desired network configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.",
+	"clusterNetwork":              "IP address pool to use for pod IPs. This field is immutable after installation.",
+	"serviceNetwork":              "IP address pool for services. Currently, we only support a single entry here. This field is immutable after installation.",
+	"networkType":                 "networkType is the plugin that is to be deployed (e.g. OVNKubernetes). This should match a value that the cluster-network-operator understands, or else no networking will be installed. Currently supported values are: - OVNKubernetes This field is immutable after installation.",
+	"externalIP":                  "externalIP defines configuration for controllers that affect Service.ExternalIP. If nil, then ExternalIP is not allowed to be set.",
+	"serviceNodePortRange":        "The port range allowed for Services of type NodePort. If not specified, the default of 30000-32767 will be used. Such Services without a NodePort specified will have one automatically allocated from this range. This parameter can be updated after the cluster is installed.",
+	"networkDiagnostics":          "networkDiagnostics defines network diagnostics configuration.\n\nTakes precedence over spec.disableNetworkDiagnostics in network.operator.openshift.io. If networkDiagnostics is not specified or is empty, and the spec.disableNetworkDiagnostics flag in network.operator.openshift.io is set to true, the network diagnostics feature will be disabled.",
+	"installNetworkObservability": "installNetworkObservability is an optional field that enables network observability when omitted or set to enable.  If the field is set to disable, it does nothing. Valid values are \"\", \"Enable\", \"Disable\".",
 }
 
 func (NetworkSpec) SwaggerDoc() map[string]string {
diff --git a/vendor/modules.txt b/vendor/modules.txt
index ba32b9a7c7e..b6616438aba 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1314,7 +1314,7 @@ github.com/opencontainers/image-spec/specs-go/v1
 # github.com/opencontainers/runtime-spec v1.2.0
 ## explicit
 github.com/opencontainers/runtime-spec/specs-go
-# github.com/openshift/api v0.0.0-20260228183123-9b2ee997d297
+# github.com/openshift/api v0.0.0-20260228183123-9b2ee997d297 => github.com/OlivierCazade/api v0.0.0-20260310172058-df85794acda8
 ## explicit; go 1.24.0
 github.com/openshift/api/annotations
 github.com/openshift/api/config/v1