feat(eks): configure serviceIpv4Cidr on the cluster (#16957)

Refs:
1. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html
2. https://docs.aws.amazon.com/eks/latest/APIReference/API_KubernetesNetworkConfigRequest.html#AmazonEKS-Type-KubernetesNetworkConfigRequest-serviceIpv4Cidr

Notes:
1. Currently I have not updated the integ tests since the deployed takes a lot of time and it requires inferentia service limit increase. Do you think this change needs an integ tests updating (tried it out locally and it succeeded till auto-scaling)? 
2. Couldn't find a good place in the Readme to add this feature. Would really help if we could come up with a good explanation and place for the same.

Closes #16541 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

packages/@aws-cdk/aws-eks/lib/cluster-resource.ts

@@ -16,6 +16,7 @@ export interface ClusterResourceProps {
   readonly resourcesVpcConfig: CfnCluster.ResourcesVpcConfigProperty;
   readonly roleArn: string;
   readonly encryptionConfig?: Array<CfnCluster.EncryptionConfigProperty>;
+  readonly kubernetesNetworkConfig?: CfnCluster.KubernetesNetworkConfigProperty;
   readonly name: string;
   readonly version?: string;
   readonly endpointPrivateAccess: boolean;
@@ -78,6 +79,7 @@ export class ClusterResource extends CoreConstruct {
           version: props.version,
           roleArn: props.roleArn,
           encryptionConfig: props.encryptionConfig,
+          kubernetesNetworkConfig: props.kubernetesNetworkConfig,
           resourcesVpcConfig: {
             subnetIds: (props.resourcesVpcConfig as CfnCluster.ResourcesVpcConfigProperty).subnetIds,
             securityGroupIds: (props.resourcesVpcConfig as CfnCluster.ResourcesVpcConfigProperty).securityGroupIds,

packages/@aws-cdk/aws-eks/lib/cluster.ts

@@ -540,6 +540,15 @@ export interface ClusterOptions extends CommonClusterOptions {
    *            using AWS-Managed encryption keys.
    */
   readonly secretsEncryptionKey?: kms.IKey;
+
+  /**
+   * The CIDR block to assign Kubernetes service IP addresses from.
+   *
+   * @default - Kubernetes assigns addresses from either the
+   *            10.100.0.0/16 or 172.20.0.0/16 CIDR blocks
+   * @see https://docs.aws.amazon.com/eks/latest/APIReference/API_KubernetesNetworkConfigRequest.html#AmazonEKS-Type-KubernetesNetworkConfigRequest-serviceIpv4Cidr
+   */
+  readonly serviceIpv4Cidr?: string;
 }
 
 /**
@@ -1223,6 +1232,9 @@ export class Cluster extends ClusterBase {
           resources: ['secrets'],
         }],
       } : {}),
+      kubernetesNetworkConfig: props.serviceIpv4Cidr ? {
+        serviceIpv4Cidr: props.serviceIpv4Cidr,
+      } : undefined,
       endpointPrivateAccess: this.endpointAccess._config.privateAccess,
       endpointPublicAccess: this.endpointAccess._config.publicAccess,
       publicAccessCidrs: this.endpointAccess._config.publicCidrs,

packages/@aws-cdk/aws-eks/test/cluster.test.ts

@@ -2888,4 +2888,26 @@ describe('cluster', () => {
     expect(providerNestedStackTemplate?.Resources?.Handler886CB40B?.Properties?.MemorySize).toEqual(4096);
 
   });
+
+  test('create a cluster using custom kubernetes network config', () => {
+    // GIVEN
+    const { stack } = testFixture();
+    const customCidr = '172.16.0.0/12';
+
+    // WHEN
+    new eks.Cluster(stack, 'Cluster', {
+      version: CLUSTER_VERSION,
+      serviceIpv4Cidr: customCidr,
+    });
+
+    // THEN
+    expect(stack).toHaveResourceLike('Custom::AWSCDK-EKS-Cluster', {
+      Config: {
+        kubernetesNetworkConfig: {
+          serviceIpv4Cidr: customCidr,
+        },
+      },
+    });
+
+  });
 });