使用 azurerm 配置 Terraform 子网时出错
Error while provisioning Terraform subnet using azurerm
最近我发现我的 AKS 集群拥有一个太小的子网。因此,我尝试添加第二个子网和节点池,这在如今的 Azure CNI 中是可能的,然后创建一个合适的子网并将其迁移回来。
在 terraform plan 期间,一切顺利且响应有效,但在应用时会引发错误。
Error: Error Creating/Updating Subnet "me-test-k8s-subnet2" (Virtual Network "me-test-k8s-vnet" / Resource Group "me-test-k8s-rg"): network.SubnetsClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="NetcfgInvalidSubnet" Message="Subnet 'me-test-k8s-subnet2' is not valid in virtual network 'me-test-k8s-vnet'." Details=[]
on main.tf line 28, in resource "azurerm_subnet" "subnet2":
28: resource "azurerm_subnet" "subnet2" {
我的原始集群是使用 Terraform:
的配置创建的
name = "${var.cluster_name}-rg"
location = "${var.location}"
}
resource "azurerm_virtual_network" "network" {
name = "${var.cluster_name}-vnet"
location = "${azurerm_resource_group.rg.location}"
resource_group_name = "${azurerm_resource_group.rg.name}"
address_space = ["10.1.0.0/16"]
}
resource "azurerm_subnet" "subnet" {
name = "${var.cluster_name}-subnet"
resource_group_name = "${azurerm_resource_group.rg.name}"
address_prefixes = ["10.1.0.0/24"]
virtual_network_name = "${azurerm_virtual_network.network.name}"
}
为了让事情变得更简单,我决定先将子网添加到没有节点池的网络中。这将带我进入这个 terraform 计划:
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# azurerm_subnet.subnet2 will be created
+ resource "azurerm_subnet" "subnet2" {
+ address_prefix = (known after apply)
+ address_prefixes = [
+ "10.2.0.0/22",
]
+ enforce_private_link_endpoint_network_policies = false
+ enforce_private_link_service_network_policies = false
+ id = (known after apply)
+ name = "me-test-k8s-subnet2"
+ resource_group_name = "me-test-k8s-rg"
+ virtual_network_name = "me-test-k8s-vnet"
}
希望有人能解释一下为什么会出现这个错误。
最好的,
皮姆
在虚拟网络中创建子网时,必须检查是否跳出网络范围
您刚刚超出网络掩码的范围:10.1.0.0/16
First host: 10.1.0.1
Last host: 10.1.255.254
您正在尝试创建子网 10.2.0.0/22。
为了不与已经创建的子网重叠,10.1.4.0/22,可以接受,例如
如我的评论和某人的回答中所述,Azure 抛出此错误是因为您正在尝试将 10.2.0.0/22 子网添加到 10.1.0.0/16 网络。即- 10.2.0.0/22 不是该网络的一部分。
我还想指出,当您 运行 未提交实际 API 调用 Azure 进行更改的 plan 时,这就是一切看起来不错的原因当你 运行 你的计划时给你,但当你尝试应用它时 Azure 抱怨。我觉得解释的很好in this tutorial。适用的摘录是:
Once you are happy with your declared configuration, you can ask
Terraform to generate an execution plan for it. The plan command in
the CLI is used to generate an execution plan from a configuration.
The execution plan tells you what changes Terraform would need to make
to bring your current infrastructure to the declared state in your
configuration.
If you accept the plan you can instruct Terraform to apply changes. Terraform will make the API calls required to implement the changes. If anything goes wrong terraform will not attempt to automatically rollback the infrastructure to the state it was in before running apply. This is because apply adheres to the plan
如果您尝试将另一个 vnet 部署到已经存在具有相同地址的 vnet 的订阅中,您也可能 运行 出现类似的错误 space。
最近我发现我的 AKS 集群拥有一个太小的子网。因此,我尝试添加第二个子网和节点池,这在如今的 Azure CNI 中是可能的,然后创建一个合适的子网并将其迁移回来。
在 terraform plan 期间,一切顺利且响应有效,但在应用时会引发错误。
Error: Error Creating/Updating Subnet "me-test-k8s-subnet2" (Virtual Network "me-test-k8s-vnet" / Resource Group "me-test-k8s-rg"): network.SubnetsClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="NetcfgInvalidSubnet" Message="Subnet 'me-test-k8s-subnet2' is not valid in virtual network 'me-test-k8s-vnet'." Details=[]
on main.tf line 28, in resource "azurerm_subnet" "subnet2":
28: resource "azurerm_subnet" "subnet2" {
我的原始集群是使用 Terraform:
name = "${var.cluster_name}-rg"
location = "${var.location}"
}
resource "azurerm_virtual_network" "network" {
name = "${var.cluster_name}-vnet"
location = "${azurerm_resource_group.rg.location}"
resource_group_name = "${azurerm_resource_group.rg.name}"
address_space = ["10.1.0.0/16"]
}
resource "azurerm_subnet" "subnet" {
name = "${var.cluster_name}-subnet"
resource_group_name = "${azurerm_resource_group.rg.name}"
address_prefixes = ["10.1.0.0/24"]
virtual_network_name = "${azurerm_virtual_network.network.name}"
}
为了让事情变得更简单,我决定先将子网添加到没有节点池的网络中。这将带我进入这个 terraform 计划:
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# azurerm_subnet.subnet2 will be created
+ resource "azurerm_subnet" "subnet2" {
+ address_prefix = (known after apply)
+ address_prefixes = [
+ "10.2.0.0/22",
]
+ enforce_private_link_endpoint_network_policies = false
+ enforce_private_link_service_network_policies = false
+ id = (known after apply)
+ name = "me-test-k8s-subnet2"
+ resource_group_name = "me-test-k8s-rg"
+ virtual_network_name = "me-test-k8s-vnet"
}
希望有人能解释一下为什么会出现这个错误。
最好的, 皮姆
在虚拟网络中创建子网时,必须检查是否跳出网络范围
您刚刚超出网络掩码的范围:10.1.0.0/16
First host: 10.1.0.1
Last host: 10.1.255.254
您正在尝试创建子网 10.2.0.0/22。
为了不与已经创建的子网重叠,10.1.4.0/22,可以接受,例如
如我的评论和某人的回答中所述,Azure 抛出此错误是因为您正在尝试将 10.2.0.0/22 子网添加到 10.1.0.0/16 网络。即- 10.2.0.0/22 不是该网络的一部分。
我还想指出,当您 运行 未提交实际 API 调用 Azure 进行更改的 plan 时,这就是一切看起来不错的原因当你 运行 你的计划时给你,但当你尝试应用它时 Azure 抱怨。我觉得解释的很好in this tutorial。适用的摘录是:
Once you are happy with your declared configuration, you can ask Terraform to generate an execution plan for it. The plan command in the CLI is used to generate an execution plan from a configuration. The execution plan tells you what changes Terraform would need to make to bring your current infrastructure to the declared state in your configuration.
If you accept the plan you can instruct Terraform to apply changes. Terraform will make the API calls required to implement the changes. If anything goes wrong terraform will not attempt to automatically rollback the infrastructure to the state it was in before running apply. This is because apply adheres to the plan
如果您尝试将另一个 vnet 部署到已经存在具有相同地址的 vnet 的订阅中,您也可能 运行 出现类似的错误 space。