Ability to carve VNet address space into multiple-size subnets with the new cidrSubnet feature.
It would be nice to have the ability to carve up a vnet to multiple different subnets of multiple sizes.
This can be very useful, for example with AKS: I can then have one subnet with a small CIDR for my internal load balancers, another (a big one) for my pods, then one for something like private endpoints and another for Application Gateway.
Each one will never be the same CIDR.
Here is an example of a small cluster with different subnets.
```bicep
// AKS vNet
// Parameters referenced by the vnet name expression (declared here so the snippet compiles on its own)
param customerName string
param environmentName string
param locationshortcode string

@description('The details needed for the AKS vNet. Configure to your needs.')
var AKSVNetConfiguration = {
  name: 'vnet-aks-${customerName}-${environmentName}-${locationshortcode}'
  test: {
    VNetAddressPrefixes: [
      '10.240.0.0/16'
    ]
    Subnets: [
      {
        name: 'clusterresources'
        addressPrefix: '10.240.0.0/20'
        // NatGateway is a module declared elsewhere in the deployment
        natGatewayId: NatGateway.outputs.resourceId
      }
      {
        name: 'clusterroles'
        addressPrefix: '10.240.16.16/28'
      }
    ]
  }
  dev: {}
  prod: {}
}
```
Hope that makes sense
Can you share some pseudo-code of what you would like to be able to write in Bicep? Are there any equivalent examples in PowerShell or HCL that we could use as a reference?
cc @majastrz / @jmorerice
Not the original requestor, but I too think this would be useful. Maybe something like this:
```bicep
var subnetAddressPrefixes = cidrSubnets('10.0.0.0/16', [20, 24, 24])
```
Would result in an array with the following elements:
10.0.0.0/20
10.0.16.0/24
10.0.17.0/24
(assuming my subnet math is correct)
Yeah something like that would be good.
Then when you reference the output array you can do it like normal Bicep, [0] or [1] etc.
Not against this feature but this is already kinda doable.
```bicep
var vnetCidr = '10.240.0.0/16'
// first /20 of the /16 -> 10.240.0.0/20
var aksNodes = cidrSubnet(vnetCidr, 20, 0)
// second /20 (10.240.16.0/20), then its first and second /24 -> 10.240.16.0/24 and 10.240.17.0/24
var aksLB = cidrSubnet(cidrSubnet(vnetCidr, 20, 1), 24, 0)
var aksLB2 = cidrSubnet(cidrSubnet(vnetCidr, 20, 1), 24, 1)
output vnetCidr string = vnetCidr
output aksNodes string = aksNodes
output aksLB string = aksLB
output aksLB2 string = aksLB2
```
Not the prettiest code but it works
Interesting approach. My sample hard coded the three subnet sizes. However, I really envision this being used dynamically with parameter values. You wouldn't know the number or size of the subnets in advance.
You basically seek this: https://developer.hashicorp.com/terraform/language/functions/cidrsubnet
And it is also basically what hinders us from porting our tf vnet module to Bicep, besides the lack of nested loops for the service delegations.
Quintessence: I'd need this as well.
Any other updates or info on this?
To provide a better use case, I need to determine the next address space available in a vnet.
Currently, I have it worked out to call the existing vnet and get the list of existing subnets. We also have the CIDR value of the new subnet. But the existing subnet CIDRs aren't identical. They can be anything from a /29 to a /25. There's no way of saying "What's the next available IP range of '/XX' size?" I also couldn't figure out a good way of creating a dynamic iteration of what @tehho up above implemented.
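The semantics proposed for cidrSubnets() earlier in the thread, and the "next available range of /XX size" lookup asked for in the last comment, modeled in Python as an added example (not Bicep code from the thread or from the Bicep project). The consecutive-with-alignment allocation rule follows the Terraform cidrsubnets function linked above, and the VNet and subnet values are constructed inputs.

```python
from ipaddress import ip_network
from typing import List, Optional

def cidr_subnets(network: str, prefix_lengths: List[int]) -> List[str]:
    """Carve `network` into consecutive subnets with the requested prefix lengths.

    Each subnet starts at the first boundary aligned to its own size after the
    previous subnet (the allocation rule of Terraform's cidrsubnets), so a small
    subnet followed by a larger one leaves an aligned gap instead of overlapping.
    Raises ValueError on a bad prefix or when the address space runs out.
    """
    net = ip_network(network, strict=True)
    cursor = int(net.network_address)
    end = int(net.broadcast_address) + 1
    carved: List[str] = []
    for prefix in prefix_lengths:
        if not net.prefixlen <= prefix <= net.max_prefixlen:
            raise ValueError(f"/{prefix} does not fit inside {net}")
        size = 1 << (net.max_prefixlen - prefix)
        start = -(-cursor // size) * size  # round cursor up to a size-aligned boundary
        if start + size > end:
            raise ValueError(f"{net} is exhausted before allocating /{prefix}")
        carved.append(str(ip_network((start, prefix))))
        cursor = start + size
    return carved

def next_free_block(vnet: str, existing: List[str], prefix: int) -> Optional[str]:
    """Return the first /prefix block in `vnet` that overlaps none of `existing`.

    Scans aligned candidates in address order, so it works when the existing
    subnets have mixed sizes (/29 to /25 as in the thread). Returns None if full.
    """
    net = ip_network(vnet, strict=True)
    used = [ip_network(s, strict=True) for s in existing]
    for candidate in net.subnets(new_prefix=prefix):
        if not any(candidate.overlaps(u) for u in used):
            return str(candidate)
    return None

if __name__ == "__main__":
    # The thread's proposal: cidrSubnets('10.0.0.0/16', [20, 24, 24])
    print(cidr_subnets("10.0.0.0/16", [20, 24, 24]))
    # Constructed VNet with two existing subnets of different sizes
    print(next_free_block("10.240.0.0/16", ["10.240.0.0/20", "10.240.16.16/28"], 24))
```

The second call carves the same layout as the nested cidrSubnet() workaround above (aksNodes, aksLB, aksLB2), and the [24, 20] case shows the aligned gap a larger subnet leaves after a smaller one.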