diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 642f3f49..54e56d67 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -50,6 +50,14 @@ jobs: id-token: write # needed for keyless signing steps: + - name: 'Free disk space' + # https://github.com/actions/runner-images/issues/2840#issuecomment-790492173 + run: | + sudo rm -rf /usr/share/dotnet + sudo rm -rf /opt/ghc + sudo rm -rf /usr/local/share/boost + sudo rm -rf $AGENT_TOOLSDIRECTORY + - name: 'Checkout' uses: actions/checkout@v3 diff --git a/aws/_modules/eks/master.tf b/aws/_modules/eks/master.tf index 2b910bd2..ed8f6b0d 100644 --- a/aws/_modules/eks/master.tf +++ b/aws/_modules/eks/master.tf @@ -10,6 +10,13 @@ resource "aws_eks_cluster" "current" { public_access_cidrs = var.cluster_public_access_cidrs } + dynamic "kubernetes_network_config" { + for_each = var.cluster_service_cidr != null ? toset([1]) : toset([]) + content { + service_ipv4_cidr = var.cluster_service_cidr + } + } + dynamic "encryption_config" { for_each = var.cluster_encryption_key_arn != null ? toset([1]) : toset([]) content { diff --git a/aws/_modules/eks/variables.tf b/aws/_modules/eks/variables.tf index 673367dd..f958293d 100644 --- a/aws/_modules/eks/variables.tf +++ b/aws/_modules/eks/variables.tf @@ -160,6 +160,12 @@ variable "cluster_public_access_cidrs" { description = "List of CIDR blocks which can access the Amazon EKS public API server endpoint. EKS defaults this to a list with 0.0.0.0/0." } +variable "cluster_service_cidr" { + type = string + default = null + description = "Sets the Service CIDR for the EKS cluster." +} + variable "cluster_encryption_key_arn" { type = string default = null diff --git a/aws/cluster/configuration.tf b/aws/cluster/configuration.tf index 5c01ad56..3f666d70 100644 --- a/aws/cluster/configuration.tf +++ b/aws/cluster/configuration.tf 
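Review bot: In the added 'Free disk space' step, `sudo rm -rf $AGENT_TOOLSDIRECTORY` expands the variable unquoted under sudo, so a value containing whitespace would be word-split into several paths, and an unset value silently makes the line a no-op. Quote it and fail loudly when it is missing: `sudo rm -rf "${AGENT_TOOLSDIRECTORY:?}"`. This job also holds `id-token: write` for keyless signing, and removing the runner's tool cache presumably means later setup steps download their toolchains at run time instead of using the image copy, so confirm those steps are pinned. The remainder of the job lies outside the hunk.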
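Review bot: The new `kubernetes_network_config` block in `aws_eks_cluster.current` has no comment warning that `service_ipv4_cidr` can only be chosen at cluster creation. According to the AWS provider documentation, changing it afterwards forces a new cluster to be created. Setting `cluster_service_cidr` on an existing environment would therefore plan a destroy and recreate of the control plane. I would add a comment above the block such as `# service_ipv4_cidr is create-time only; changing it replaces the cluster`, and repeat the warning in the variable description in variables.tf. The resource body continues outside the hunk.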
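Review bot: `variable "cluster_service_cidr"` accepts any string, so a malformed value is only rejected when the EKS API call fails during apply. A `validation` block would catch it at plan time, and it must still allow the `null` default. The description could also state the constraints EKS documents for this range: a private IPv4 block, prefix between /24 and /12, not overlapping the VPC.

```hcl
variable "cluster_service_cidr" {
  # … unchanged: type, default, description …

  validation {
    condition     = var.cluster_service_cidr == null || can(cidrnetmask(var.cluster_service_cidr))
    error_message = "cluster_service_cidr must be a valid IPv4 CIDR block, e.g. 172.20.0.0/16."
  }
}
```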
@@ -82,6 +82,7 @@ locals { cluster_endpoint_public_access = lookup(local.cfg, "cluster_endpoint_public_access", true) cluster_public_access_cidrs_lookup = lookup(local.cfg, "cluster_public_access_cidrs", null) cluster_public_access_cidrs = local.cluster_public_access_cidrs_lookup == null ? null : split(",", local.cluster_public_access_cidrs_lookup) + cluster_service_cidr = lookup(local.cfg, "cluster_service_cidr", null) cluster_encryption_key_arn = lookup(local.cfg, "cluster_encryption_key_arn", null) } diff --git a/aws/cluster/main.tf b/aws/cluster/main.tf index f0c0d785..446bd635 100644 --- a/aws/cluster/main.tf +++ b/aws/cluster/main.tf @@ -55,6 +55,7 @@ module "cluster" { cluster_endpoint_private_access = local.cluster_endpoint_private_access cluster_endpoint_public_access = local.cluster_endpoint_public_access cluster_public_access_cidrs = local.cluster_public_access_cidrs + cluster_service_cidr = local.cluster_service_cidr cluster_encryption_key_arn = local.cluster_encryption_key_arn