diff --git a/bootstrapper/internal/kubernetes/kubernetes.go b/bootstrapper/internal/kubernetes/kubernetes.go
index 6a94c5ca6..47adbce18 100644
--- a/bootstrapper/internal/kubernetes/kubernetes.go
+++ b/bootstrapper/internal/kubernetes/kubernetes.go
@@ -439,15 +439,13 @@ func getIPAddr() (string, error) {
 
 // setupExtraVals create a helm values map for consumption by helm-install.
 // Will move to a more dedicated place once that place becomes apparent.
-func (k *KubeWrapper) setupExtraVals(ctx context.Context, initialMeasurementsJSON []byte, idkeydigest []byte, measurementSalt []byte, subnetworkCIDR string, cloudServiceAccountURI string) (map[string]any, error) {
+func (k *KubeWrapper) setupExtraVals(ctx context.Context, initialMeasurementsJSON []byte, idkeydigest []byte, measurementSalt []byte, subnetworkPodCIDR string, cloudServiceAccountURI string) (map[string]any, error) {
 extraVals := map[string]any{
 "join-service": map[string]any{
 "measurements": string(initialMeasurementsJSON),
 "measurementSalt": base64.StdEncoding.EncodeToString(measurementSalt),
 },
- "ccm": map[string]any{
- "subnetworkCIDR": subnetworkCIDR,
- },
+ "ccm": map[string]any{},
 }
 
 instance, err := k.providerMetadata.Self(ctx)
@@ -482,9 +480,10 @@ func (k *KubeWrapper) setupExtraVals(ctx context.Context, initialMeasurementsJSO
 return nil, errors.New("invalid ccm values")
 }
 ccmVals["GCP"] = map[string]any{
- "projectID": projectID,
- "uid": uid,
- "secretData": string(rawKey),
+ "projectID": projectID,
+ "uid": uid,
+ "secretData": string(rawKey),
+ "subnetworkPodCIDR": subnetworkPodCIDR,
 }
 }
 case cloudprovider.Azure:
@@ -506,7 +505,8 @@ func (k *KubeWrapper) setupExtraVals(ctx context.Context, initialMeasurementsJSO
 return nil, errors.New("invalid ccm values")
 }
 ccmVals["Azure"] = map[string]any{
- "azureConfig": string(rawConfig),
+ "azureConfig": string(rawConfig),
+ "subnetworkPodCIDR": subnetworkPodCIDR,
 }
 
 joinVals, ok := extraVals["join-service"].(map[string]any)
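Review bot: The doc comment above the renamed signature still reads `setupExtraVals create a helm values map`; it should be `// setupExtraVals creates a helm values map for consumption by helm-install.` and should also say what happens to the new subnetworkPodCIDR parameter, since in the hunks visible here only the GCP and Azure branches forward it into the ccm values and a value passed for another CSP is silently dropped. A sentence such as `// subnetworkPodCIDR is forwarded to the ccm values for GCP and Azure only.` would make that explicit. setupExtraVals ends outside this hunk.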
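Review bot: subnetworkPodCIDR is copied into ccmVals["GCP"] without any check that it is a CIDR, and the same happens for ccmVals["Azure"] in the following hunk; on GCP the value ends up verbatim in the CCM's `--cluster-cidr` flag (gcp-daemonset.yaml in this commit), so the only guard downstream is the chart's JSON-schema regex. Parsing it at this layer turns a malformed value into a clear bootstrap error instead of a crash-looping daemonset: `if _, _, err := net.ParseCIDR(subnetworkPodCIDR); err != nil {` / `return nil, fmt.Errorf("parsing subnetworkPodCIDR %q: %w", subnetworkPodCIDR, err)` / `}` before the assignment, or once ahead of the CSP switch if every provider is expected to supply a value. Whether net and fmt are already imported is not visible in this hunk. The enclosing function starts and ends outside this hunk.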
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/azure-daemonset.yaml b/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/azure-daemonset.yaml
index 2b6bd474f..fb57e4003 100644
--- a/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/azure-daemonset.yaml
+++ b/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/azure-daemonset.yaml
@@ -22,12 +22,11 @@ spec:
 - cloud-controller-manager
 - --cloud-provider=azure
 - --leader-elect=true
- - --cluster-cidr={{ .Values.subnetworkCIDR }}
 - -v=2
 - --controllers=*,-cloud-node
 - --cloud-config=/etc/azure/azure.json
 - --allocate-node-cidrs=false
- - --configure-cloud-routes=true
+ - --configure-cloud-routes=false
 volumeMounts:
 - name: etckubernetes
 mountPath: /etc/kubernetes
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/gcp-daemonset.yaml b/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/gcp-daemonset.yaml
index 85909502b..71aa18635 100644
--- a/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/gcp-daemonset.yaml
+++ b/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/gcp-daemonset.yaml
@@ -22,7 +22,7 @@ spec:
 - /cloud-controller-manager
 - --cloud-provider=gce
 - --leader-elect=true
- - --cluster-cidr={{ .Values.subnetworkCIDR }}
+ - --cluster-cidr={{ .Values.GCP.subnetworkPodCIDR }}
 - -v=2
 - --use-service-account-credentials
 - --controllers=cloud-node,cloud-node-lifecycle,nodeipam,service,route
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/values.schema.json b/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/values.schema.json
index 6ae4b6f3a..fefbaf73f 100644
--- a/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/values.schema.json
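Review bot: After this change the Azure template references no CIDR value at all, yet values.schema.json in the same commit makes `subnetworkPodCIDR` a required key under Azure and setupExtraVals populates it, so for Azure the value is validated and passed but never rendered; either the template should consume it or the schema should not require it for Azure. The switch to `--configure-cloud-routes=false` next to `--allocate-node-cidrs=false` also deserves a one-line YAML comment above the flag naming the component that now owns pod routing on Azure, since nothing in the template explains why the CCM stops programming cloud routes.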
+++ b/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/values.schema.json
@@ -5,8 +5,8 @@
 "description": "CSP to which the chart is deployed.",
 "enum": ["Azure", "GCP", "AWS", "QEMU"]
 },
- "subnetworkCIDR": {
- "description": "CIDR for the subnetwork of the cluster",
+ "subnetworkPodCIDR": {
+ "description": "CIDR Range for Pods in cluster",
 "type": "string",
 "examples": ["192.0.2.0/24"],
 "pattern": "[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}/[0-9]{1,2}"
@@ -31,13 +31,14 @@
 "secretData": {
 "description": "GCP service account key as a json-string",
 "type": "string"
- }
+ }
 },
 "required": [
 "image",
 "projectID",
 "uid",
- "secretData"
+ "secretData",
+ "subnetworkPodCIDR"
 ]
 },
 "Azure": {
@@ -56,7 +57,8 @@
 },
 "required": [
 "image",
- "azureConfig"
+ "azureConfig",
+ "subnetworkPodCIDR"
 ]
 },
 "AWS": {
@@ -74,8 +76,7 @@
 }
 },
 "required": [
- "csp",
- "subnetworkCIDR"
+ "csp"
 ],
 "allOf": [
 {
diff --git a/cli/internal/helm/loader_test.go b/cli/internal/helm/loader_test.go
index e4a16dd29..2a5097f77 100644
--- a/cli/internal/helm/loader_test.go
+++ b/cli/internal/helm/loader_test.go
@@ -137,7 +137,7 @@ func prepareGCPValues(values map[string]any) error {
 if !ok {
 return errors.New("missing 'ccm' key")
 }
- ccmVals["subnetworkCIDR"] = "192.0.2.0/24"
+ ccmVals["GCP"].(map[string]any)["subnetworkPodCIDR"] = "192.0.2.0/24"
 ccmVals["GCP"].(map[string]any)["projectID"] = "42424242424242"
 ccmVals["GCP"].(map[string]any)["uid"] = "242424242424"
 ccmVals["GCP"].(map[string]any)["secretData"] = "baaaaaad"
@@ -158,7 +158,7 @@ func prepareAzureValues(values map[string]any) error {
 if !ok {
 return errors.New("missing 'ccm' key")
 }
- ccmVals["subnetworkCIDR"] = "192.0.2.0/24"
+ ccmVals["Azure"].(map[string]any)["subnetworkPodCIDR"] = "192.0.2.0/24"
 ccmVals["Azure"].(map[string]any)["azureConfig"] = "baaaaaad"
 
 return nil
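Review bot: The pattern kept for the renamed subnetworkPodCIDR property is neither anchored nor dot-escaped, so a value such as `foo 1.2.3.4/5 bar` or `1a2b3c4/1` satisfies it and the mistake only surfaces when the CCM rejects its `--cluster-cidr` flag. Replacing it with `"pattern": "^([0-9]{1,3}\\.){3}[0-9]{1,3}/[0-9]{1,2}$"` makes the check meaningful; octet and prefix-length ranges still need a real parser on the producing side, which the schema cannot express.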
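Review bot: The new line indexes `ccmVals["GCP"].(map[string]any)` with an unchecked type assertion, so a missing or mistyped GCP key panics the test instead of returning an error, while three lines above the helper returns `errors.New("missing 'ccm' key")` for the same situation; the prepareAzureValues hunk below has the same shape. Hoisting the assertion once keeps the two consistent: `gcpVals, ok := ccmVals["GCP"].(map[string]any)` / `if !ok { return errors.New("missing 'GCP' key") }` and then `gcpVals["subnetworkPodCIDR"] = "192.0.2.0/24"`. The existing projectID, uid and secretData lines already follow the unchecked pattern, so this is pre-existing style rather than something the commit introduced. Both helpers start outside their hunks.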
@@ -172,11 +172,5 @@ func prepareQEMUValues(values map[string]any) error {
 joinVals["measurements"] = "{'1':'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA','15':'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA='}"
 joinVals["measurementSalt"] = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
 
- ccmVals, ok := values["ccm"].(map[string]any)
- if !ok {
- return errors.New("missing 'ccm' key")
- }
- ccmVals["subnetworkCIDR"] = "192.0.2.0/24"
-
 return nil
 }
diff --git a/cli/internal/helm/testdata/Azure/constellation-services/charts/ccm/templates/azure-daemonset.yaml b/cli/internal/helm/testdata/Azure/constellation-services/charts/ccm/templates/azure-daemonset.yaml
index 44e0b5444..e75fb3cf4 100644
--- a/cli/internal/helm/testdata/Azure/constellation-services/charts/ccm/templates/azure-daemonset.yaml
+++ b/cli/internal/helm/testdata/Azure/constellation-services/charts/ccm/templates/azure-daemonset.yaml
@@ -22,12 +22,11 @@ spec:
 - cloud-controller-manager
 - --cloud-provider=azure
 - --leader-elect=true
- - --cluster-cidr=192.0.2.0/24
 - -v=2
 - --controllers=*,-cloud-node
 - --cloud-config=/etc/azure/azure.json
 - --allocate-node-cidrs=false
- - --configure-cloud-routes=true
+ - --configure-cloud-routes=false
 resources: {}
 volumeMounts:
 - name: etckubernetes