Before we configure EKS, we need to enable secondary CIDR blocks in your VPC and make sure they have proper tags and route table configurations

Add secondary CIDRs to your VPC

There are restrictions on the range of secondary CIDRs you can use to extend your VPC. For more info, see IPv4 CIDR Block Association Restrictions

You can use below commands to add to your EKS cluster VPC. Please note to change the Values parameter to EKS cluster name if you used different name than eksctl-eksworkshop

VPC_ID=$(aws ec2 describe-vpcs --filters Name=tag:Name,Values=eksctl-eksworkshop* | jq -r '.Vpcs[].VpcId')

aws ec2 associate-vpc-cidr-block --vpc-id $VPC_ID --cidr-block

Next step is to create subnets. Before we do this step, let’s check how many subnets we are consuming. You can run this command to see EC2 instance and AZ details

aws ec2 describe-instances --filters "Name=tag:Name,Values=eksworkshop*" --query 'Reservations[*].Instances[*].[PrivateDnsName,Tags[?Key==`Name`].Value|[0],Placement.AvailabilityZone,PrivateIpAddress,PublicIpAddress]' --output table   
|                                                            DescribeInstances                                                           |
|  |  eksworkshop-eksctl-ng-475d4bc8-Node  |  us-east-2c |  | |
| |  eksworkshop-eksctl-ng-475d4bc8-Node  |  us-east-2a | | |
| |  eksworkshop-eksctl-ng-475d4bc8-Node  |  us-east-2b | |  |

I have 3 instances and using 3 subnets in my environment. For simplicity, we will use the same AZ’s and create 3 secondary CIDR subnets but you can certainly customize according to your networking requirements. Remember to change the AZ names according to your environment

export AZ1=us-east-2a
export AZ2=us-east-2b
export AZ3=us-east-2c
CGNAT_SNET1=$(aws ec2 create-subnet --cidr-block --vpc-id $VPC_ID --availability-zone $AZ1 | jq -r .Subnet.SubnetId)
CGNAT_SNET2=$(aws ec2 create-subnet --cidr-block --vpc-id $VPC_ID --availability-zone $AZ2 | jq -r .Subnet.SubnetId)
CGNAT_SNET3=$(aws ec2 create-subnet --cidr-block --vpc-id $VPC_ID --availability-zone $AZ3 | jq -r .Subnet.SubnetId)

Next step is to add Kubernetes tags on newer Subnets. You can check these tags by querying your current subnets

aws ec2 describe-subnets --filters Name=cidr-block,Values= --output text

Output shows similar to this

TAGS    aws:cloudformation:logical-id   SubnetPublicUSEAST2C
TAGS     eksworkshop-eksctl
TAGS    Name    eksctl-eksworkshop-eksctl-cluster/SubnetPublicUSEAST2C
TAGS    aws:cloudformation:stack-name   eksctl-eksworkshop-eksctl-cluster
TAGS        shared
TAGS    aws:cloudformation:stack-id     arn:aws:cloudformation:us-east-2:012345678901:stack/eksctl-eksworkshop-eksctl-cluster/8da51fc0-2b5e-11e9-b535-022c6f51bf82

Here are the commands to add tags to both the subnets

aws ec2 create-tags --resources $CGNAT_SNET1 --tags,Value=eksworkshop-eksctl
aws ec2 create-tags --resources $CGNAT_SNET1 --tags,Value=shared
aws ec2 create-tags --resources $CGNAT_SNET1 --tags,Value=1
aws ec2 create-tags --resources $CGNAT_SNET2 --tags,Value=eksworkshop-eksctl
aws ec2 create-tags --resources $CGNAT_SNET2 --tags,Value=shared
aws ec2 create-tags --resources $CGNAT_SNET2 --tags,Value=1
aws ec2 create-tags --resources $CGNAT_SNET3 --tags,Value=eksworkshop-eksctl
aws ec2 create-tags --resources $CGNAT_SNET3 --tags,Value=shared
aws ec2 create-tags --resources $CGNAT_SNET3 --tags,Value=1

As next step, we need to associate three new subnets into a route table. Again for simplicity, we chose to add new subnets to the Public route table that has connectivity to Internet Gateway

SNET1=$(aws ec2 describe-subnets --filters Name=cidr-block,Values= | jq -r .Subnets[].SubnetId)
RTASSOC_ID=$(aws ec2 describe-route-tables --filters Name=association.subnet-id,Values=$SNET1 | jq -r .RouteTables[].RouteTableId)
aws ec2 associate-route-table --route-table-id $RTASSOC_ID --subnet-id $CGNAT_SNET1
aws ec2 associate-route-table --route-table-id $RTASSOC_ID --subnet-id $CGNAT_SNET2
aws ec2 associate-route-table --route-table-id $RTASSOC_ID --subnet-id $CGNAT_SNET3