Cluster add-on upgrades, with a VPC CNI node-networking fix

Over the past week, alongside the EKS 1.36 production rollout, we shipped a round of cluster add-on updates. The notable one is a VPC CNI fix that makes node networking more robust at startup.

VPC CNI: more reliable node networking at startup

The AWS VPC CNI is now on v1.22.2-eksbuild.1. The version line we are now on carries an important fix to the CNI’s IP address management daemon (ipamd): the AWS API calls ipamd makes while it starts up now have client-side timeouts (#3649, #3644, originally shipped in v1.21.2).

Without those timeouts, one of those calls could hang indefinitely on a freshly launched node. The node would join the cluster and report Ready, but its CNI never finished initialising, so any pod scheduled onto it could not be assigned an IP and stayed stuck in ContainerCreating until the node was replaced. This is a rare failure mode we encountered; the timeouts convert that silent, indefinite hang into a fast, retryable error, so a stalled ipamd now recovers or becomes visible instead of black-holing the node.

v1.22.2 also reverts an enhanced subnet-discovery feature introduced in v1.22.1 that could cause EC2 API throttling on larger clusters.

Other add-on upgrades

• amazon-eks-ami v20260529
• flux v2.8.8 (from v2.8.7)
• Tailscale was updated (v1.98.5) as part of the move to the official Tailscale Kubernetes Operator — covered in the separate “Do more with Tailscale on your clusters” announcement.