
Current map the CIDR values wrong in subnet creation

I have an Azure question. I use Terraform in the Azure cloud service. I try to start up 2 AKS clusters there, but I always get an error that my CIDR settings are wrong.

I use in Cluster one:

resource "azurerm_subnet" "cluster1-node-pool-subnet" {
  name                 = "cluster1-node-pool-subnet"
  resource_group_name  = azurerm_virtual_network.cluster-vnet.resource_group_name
  virtual_network_name =
  address_prefixes     = [""]
}

resource "azurerm_subnet" "cluster1-execution-nodes-subnet" {
  name                 = "cluster1-execution-nodes-subnet"
  resource_group_name  = azurerm_virtual_network.cluster-vnet.resource_group_name
  virtual_network_name =
  address_prefixes     = [""]
}

resource "azurerm_subnet" "cluster1-gpu-nodes-subnet" {
  count                = var.gpuNodePool ? 1 : 0
  name                 = "execution-nodes-subnet"
  resource_group_name  = azurerm_virtual_network.cluster-vnet.resource_group_name
  virtual_network_name =
  address_prefixes     = [""]
}

network_profile {
  network_plugin     = "azure"
  service_cidr       = ""
  dns_service_ip     = ""
  docker_bridge_cidr = ""
}

and in Cluster two:

resource "azurerm_subnet" "default-node-pool-subnet" {
  name                 = "default-node-pool-subnet"
  resource_group_name  = azurerm_virtual_network.cluster-vnet.resource_group_name
  virtual_network_name =
  address_prefixes     = [""]
}

resource "azurerm_subnet" "execution-nodes-subnet" {
  name                 = "execution-nodes-subnet"
  resource_group_name  = azurerm_virtual_network.cluster-vnet.resource_group_name
  virtual_network_name =
  address_prefixes     = [""]
}

resource "azurerm_subnet" "gpu-nodes-subnet" {
  count                = var.gpuNodePool ? 1 : 0
  name                 = "execution-nodes-subnet"
  resource_group_name  = azurerm_virtual_network.cluster-vnet.resource_group_name
  virtual_network_name =
  address_prefixes     = [""]
}

network_profile {
  network_plugin     = "azure"
  service_cidr       = ""
  dns_service_ip     = ""
  docker_bridge_cidr = ""
}

Azure now tells me that the prefix is wrong.

│ Error: creating Subnet: (Name "cluster1-node-pool-subnet" / Virtual Network Name "cluster-vnet" / Resource Group "cluster-infra-network"): network.SubnetsClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="InvalidCIDRNotation" Message="The address prefix in resource /subscriptions/xxx/resourceGroupscluster-infra-network/providers/Microsoft.Network/virtualNetworks/cluster-vnet/subnets/cluster1-node-pool-subnet has an invalid CIDR notation. For the given prefix length, the address prefix should be" Details=[]
│   with azurerm_subnet.cluster1-node-pool-subnet,
│   on line 7, in resource "azurerm_subnet" "cluster1-node-pool-subnet":
│    7: resource "azurerm_subnet" "cluster1-node-pool-subnet" {
│ Error: creating Subnet: (Name "cluster1-execution-nodes-subnet" / Virtual Network Name "cluster-vnet" / Resource Group "cluster-infra-network"): network.SubnetsClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="InvalidCIDRNotation" Message="The address prefix in resource /subscriptions/xxx/resourceGroups/cluster-infra-network/providers/Microsoft.Network/virtualNetworks/cluster-vnet/subnets/cluster1-execution-nodes-subnet has an invalid CIDR notation. For the given prefix length, the address prefix should be" Details=[]
│   with azurerm_subnet.cluster1-execution-nodes-subnet,
│   on line 14, in resource "azurerm_subnet" "cluster1-execution-nodes-subnet":
│   14: resource "azurerm_subnet" "cluster1-execution-nodes-subnet" {

In my mind the CIDR and prefix are valid. Any idea what is wrong?


  • There are basically two issues in your subnet definitions:

    1. Azure tells you that you are using invalid CIDR notations. E.g. in the case of cluster1-node-pool-subnet you are specifying [""] as the address prefix. While is a valid IP address, it belongs to the subnet , and Azure insists that you specify the address prefix based on the network address of the subnet.

      The same applies to e.g. which belongs to the subnet

    2. This unveils the second issue, which Azure will report to you once the first is fixed: In both subnets you are using the same address prefixes in the subnets you are defining. To overcome this you could use e.g. [""] for cluster1-node-pool-subnet and [""] for default-node-pool-subnet and so on.
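The two checks the answer describes (prefix must be the network address for its length, and no two subnets in the VNet may share address space) can be run locally before `terraform apply`. This is an added example, not code from the question or the answer; the subnet names are taken from the question, but the prefixes are constructed for illustration because the original values are not on the page.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample input (not the questioner's real values): subnet name ->
# address_prefixes as they would appear in an azurerm_subnet resource.
SAMPLE_SUBNETS: Dict[str, List[str]] = {
    "cluster1-node-pool-subnet":       ["10.1.0.5/24"],   # host address, not network address
    "cluster1-execution-nodes-subnet": ["10.1.1.0/24"],   # valid
    "default-node-pool-subnet":        ["10.1.0.0/24"],   # same range as cluster1-node-pool-subnet
    "execution-nodes-subnet":          ["10.1.2.0/23"],   # valid
}

def check_cidr_notation(prefix: str) -> Tuple[bool, str]:
    """Mirror Azure's InvalidCIDRNotation rule: the address must be the network
    address for the given prefix length. Returns (ok, network_address_form)."""
    try:
        net = ipaddress.ip_network(prefix, strict=True)
        return True, str(net)
    except ValueError:
        # strict=False masks off the host bits, yielding the prefix Azure expects.
        net = ipaddress.ip_network(prefix, strict=False)
        return False, str(net)

def find_overlaps(subnets: Dict[str, List[str]]) -> List[Tuple[str, str]]:
    """Second issue from the answer: subnets in one VNet must not overlap.
    Every pair of prefixes is compared after normalising to network addresses."""
    nets = [(name, ipaddress.ip_network(p, strict=False))
            for name, prefixes in subnets.items() for p in prefixes]
    overlaps = []
    for i, (name_a, net_a) in enumerate(nets):
        for name_b, net_b in nets[i + 1:]:
            if net_a.overlaps(net_b):
                overlaps.append((name_a, name_b))
    return overlaps

def lint_subnets(subnets: Dict[str, List[str]]) -> List[str]:
    """One finding per problem, in the order Azure surfaces them: notation
    errors first, then overlapping address space."""
    findings = []
    for name, prefixes in subnets.items():
        for p in prefixes:
            ok, fixed = check_cidr_notation(p)
            if not ok:
                findings.append(f"{name}: {p} is not a network address; use {fixed}")
    for a, b in find_overlaps(subnets):
        findings.append(f"{a} overlaps {b}")
    return findings

if __name__ == "__main__":
    for line in lint_subnets(SAMPLE_SUBNETS):
        print(line)
```

Inside Terraform, deriving each subnet's prefix with the built-in `cidrsubnet()` function from the VNet's address space (with a distinct netnum per subnet) avoids both problems at the source.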