diff --git a/deploy/kicbase/Dockerfile b/deploy/kicbase/Dockerfile
index 9e42dfa2c024..e80fc5634988 100644
--- a/deploy/kicbase/Dockerfile
+++ b/deploy/kicbase/Dockerfile
@@ -290,6 +290,12 @@ RUN rm -rf \
 /usr/share/doc/* \
 /usr/share/man/* \
 /usr/share/local/*
+
+# Per https://systemd.io/CONTAINER_INTERFACE/, /etc/machine-id must be present
+# but empty in a container image so it is freshly initialized on each boot.
+# Remove /var/lib/dbus/machine-id so that systemd-machine-id-setup cannot fall
+# back to a baked-in value, which would make every container share the same ID.
+RUN truncate -s 0 /etc/machine-id && rm -f /var/lib/dbus/machine-id
 RUN echo "kic! Build: ${COMMIT_SHA} Time :$(date)" > "/kic.txt"
 # squash all layers into one
diff --git a/deploy/kicbase/entrypoint b/deploy/kicbase/entrypoint
index 7b3fcb95a635..634ce93e6ec4 100755
--- a/deploy/kicbase/entrypoint
+++ b/deploy/kicbase/entrypoint
@@ -357,14 +357,6 @@ retryable_fix_cgroup() {
 exit 31
 }
-fix_machine_id() {
- # Deletes the machine-id embedded in the node image and generates a new one.
- # This is necessary because both kubelet and other components like weave net
- # use machine-id internally to distinguish nodes.
- echo 'INFO: clearing and regenerating /etc/machine-id' >&2
- rm -f /etc/machine-id
- systemd-machine-id-setup
-}
 fix_product_name() {
 # this is a small fix to hide the underlying hardware and fix issue #426
@@ -545,7 +537,6 @@ configure_containerd
 configure_proxy
 fix_mount
 retryable_fix_cgroup
-fix_machine_id
 fix_product_name
 fix_product_uuid
 select_iptables
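Review bot: The comment on the new `RUN truncate -s 0 /etc/machine-id && rm -f /var/lib/dbus/machine-id` step does not say that it has to stay after every build step that can write either file, and the same commit removes `fix_machine_id` from deploy/kicbase/entrypoint, so the entrypoint no longer clears an ID that a later build step bakes in. The removed entrypoint comment notes that kubelet and components such as weave net use machine-id to tell nodes apart, so a baked-in value would give every node the same identity. I would add a line to the comment such as `# Keep this after every step that installs packages or runs systemd tooling; the entrypoint no longer resets a baked-in ID.` A check on the built image that `/etc/machine-id` is empty and `/var/lib/dbus/machine-id` is absent would catch a regression, assuming the image tests have a place for it.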