Clusters add routes to new CIDRs in under 1 hour

fincd-aws · fincd-aws · commit af3399368b0a · 2025-07-16T16:13:49.000-07:00
diff --git a/latest/ug/networking/network-reqs.adoc b/latest/ug/networking/network-reqs.adoc
@@ -34,7 +34,7 @@ For example, assume that you made a cluster and specified four subnets. In the o
 +
 If you need more IP addresses than the CIDR blocks in the VPC have, you can add additional CIDR blocks by link:vpc/latest/userguide/working-with-vpcs.html#add-ipv4-cidr[associating additional Classless Inter-Domain Routing (CIDR) blocks,type="documentation"] with your VPC. You can associate private (RFC 1918) and public (non-RFC 1918) CIDR blocks to your VPC either before or after you create your cluster.
 +
-You can use the new CIDR block immediately after you add it. However, because the control plane recognizes the new CIDR block only after the reconciliation is complete, it can take a cluster up to five hours for a CIDR block that you associated with a VPC to be recognized. Then you can run the `kubectl exec` and `kubectl logs` commands. Also, if you have Pods that operate as a webhook backend, then you must wait for the control plane reconciliation to complete.
+You can add nodes that use the new CIDR block immediately after you add it. However, because the control plane recognizes the new CIDR block only after the reconciliation is complete, it can take a cluster up to one hour for a CIDR block that you associated with a VPC to be recognized. Then you can run the `kubectl cp`, `kubectl exec`, `kubectl logs`, and `kubectl port-forward` commands (these commands use the `kubelet API`) for nodes and pods in the new CIDR block. Also, if you have Pods that operate as a webhook backend, then you must wait for the control plane reconciliation to complete.
 
 * Avoid IP address range overlaps when you connect your EKS cluster to other VPCs through Transit Gateway, VPC peering, or other networking configurations. CIDR conflicts occur when your EKS cluster's service CIDR overlaps with the CIDR of a connected VPC. In these scenarios, ServiceIP addresses take priority over resources in connected VPCs with the same IP address, although traffic routing can become unpredictable and applications may fail to connect to intended resources.
 +

Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,7 @@ For example, assume that you made a cluster and specified four subnets. In the o`
`34`	`34`	`+`
`35`	`35`	`If you need more IP addresses than the CIDR blocks in the VPC have, you can add additional CIDR blocks by link:vpc/latest/userguide/working-with-vpcs.html#add-ipv4-cidr[associating additional Classless Inter-Domain Routing (CIDR) blocks,type="documentation"] with your VPC. You can associate private (RFC 1918) and public (non-RFC 1918) CIDR blocks to your VPC either before or after you create your cluster.`
`36`	`36`	`+`
`37`		-You can use the new CIDR block immediately after you add it. However, because the control plane recognizes the new CIDR block only after the reconciliation is complete, it can take a cluster up to five hours for a CIDR block that you associated with a VPC to be recognized. Then you can run the `kubectl exec` and `kubectl logs` commands. Also, if you have Pods that operate as a webhook backend, then you must wait for the control plane reconciliation to complete.
	`37`	+You can add nodes that use the new CIDR block immediately after you add it. However, because the control plane recognizes the new CIDR block only after the reconciliation is complete, it can take a cluster up to one hour for a CIDR block that you associated with a VPC to be recognized. Then you can run the `kubectl cp`, `kubectl exec`, `kubectl logs`, and `kubectl port-forward` commands (these commands use the `kubelet API`) for nodes and pods in the new CIDR block. Also, if you have Pods that operate as a webhook backend, then you must wait for the control plane reconciliation to complete.
`38`	`38`
`39`	`39`	`* Avoid IP address range overlaps when you connect your EKS cluster to other VPCs through Transit Gateway, VPC peering, or other networking configurations. CIDR conflicts occur when your EKS cluster's service CIDR overlaps with the CIDR of a connected VPC. In these scenarios, ServiceIP addresses take priority over resources in connected VPCs with the same IP address, although traffic routing can become unpredictable and applications may fail to connect to intended resources.`
`40`	`40`	`+`