Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

azurerm_container_app_environment updated to support minimum subnet size of /27 #23776

Open
1 task done
morrro01 opened this issue Nov 3, 2023 · 4 comments
Open
1 task done

azurerm_container_app_environment updated to support minimum subnet size of /27 #23776

morrro01 opened this issue Nov 3, 2023 · 4 comments
Labels
documentation enhancement service/container-apps v/3.x

Comments

@morrro01
Copy link

morrro01 commented Nov 3, 2023

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.4.6

AzureRM Provider Version

3.75.0

Affected Resource(s)/Data Source(s)

azurerm_container_app_environment

Terraform Configuration Files

resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "East US"
}

resource "azurerm_virtual_network" "example" {
  name                = "example-network"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  address_space       = ["10.0.0.0/23"]
  dns_servers         = ["10.0.0.4", "10.0.0.5"]

  subnet {
    name           = "primary"
    address_prefix = "10.0.1.0/25"
  }

  subnet {
    name           = "secondary"
    address_prefix = "10.0.1.128/25"
  }

  subnet {
    name           = "services"
    address_prefix = "10.0.2.0/25"
  }

  tags = {
    environment = "Production"
  }
}

resource "azurerm_container_app_environment" "example" {
  name                      = "prod-eastus-container-app-env"
  location                  = azurerm_resource_group.example.location
  resource_group_name       = azurerm_resource_group.example.name
  infrastructure_subnet_id  = azurerm_virtual_network.example.subnet["primary"].id
}

Debug Output/Panic Output

CreateOrUpdate: managedenvironments.ManagedEnvironmentsClient#CreateOrUpdate:
Failure sending request: StatusCode=0 -- Original Error:
Code="ManagedEnvironmentInvalidNetworkConfiguration" Message="The environment
network configuration is invalid: Provided subnet must have a size of at
least /23"

Expected Behaviour

Container environment should have been created and delegated to the virtual network subnet defined by the infrastructure_subnet_id argument.

Support of subnet sizes of /27 or larger became generally available August 30th, 2023 for workload profile environments (consumption-only still requires /23).

It might be that the resource needs an additional argument of something like type to differentiate between workload and consumption types. Additionally, the documentation for container_app_environment incorrectly notes "/21 or larger address space" for the infrastructure_subnet_id argument.

Actual Behaviour

Terraform Plan operation succeeds with no indication of an issue. Terraform Apply operation fails with message of "The environment network configuration is invalid: Provided subnet must have a size of at least /23".

Steps to Reproduce

No response

Important Factoids

No response

References

microsoft/azure-container-apps#584
@kamalini1986
Copy link

I am working in this . Could you please assign this issue to my name.

@davidkarlsen
Copy link
Contributor

Doesn't this rely on workload profiles #22161 - consumption only (the only profile azurerm provider currently supports) still require /23.

@morrro01
Copy link
Author

Doesn't this rely on workload profiles #22161 - consumption only (the only profile azurerm provider currently supports) still require /23.

Coming back to this; sorry for the delay.

Yes, this requires workload profiles. I wound up getting around this for now by using the azapi provider and passing null to the properties.workloadProfiles property of the JSON body against the resource type of Microsoft.App/managedEnvironments@2022-11-01-preview.

@kewalaka
Copy link

I've been working on an AVM module and have been using AZAPI too, originally because when I started workload profiles weren't supported at all in the azurerm provider. This is how I've implemented it to allow for combinations of consumption & dedicated profiles, open to feedback:

https://github.com/Azure/terraform-azurerm-avm-res-app-managedenvironment/blob/2297c53ce88f5091808a44f2024a18421bdb90e0/main.tf#L31-L37

      workloadProfiles = var.workload_profiles_enabled ? setunion([
        {
          name                = "Consumption"
          workloadProfileType = "Consumption"
        }],
        var.workload_profiles
      ) : null

There's some examples of usage in the repo too - used for end to end tests.

The approach I'm taking tracks the 'interface' of the azurerm provide from the perspective of the module inputs, under the hood I'm using AzAPI - which is why I've stuck with the variable "workload_profiles", whereas a better name might be 'dedicated_workload_profiles'. I'm hoping that means that as AzureRM matures I'll be able to modify the implementation with minimal-to-no breaking changes, whilst keeping the same module input/interface.

Hope that is useful.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
documentation enhancement service/container-apps v/3.x
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@davidkarlsen @kewalaka @morrro01 @rcskosir @kamalini1986