❓👂 Question/Feedback - Creation of additional workload subnets

[integyjc]

Question/Feedback

Sorry if this is a daft question. I wondered how people are handling subnet creation when using this module? - We've leveraged this useful module for customer deployment as part of an internal orchestration module, and defined the subvending vnet as an existing resource to then continue the deployment with workload specific subnets etc

There is a warning in the documentation here around not creating subnets as child resources this way: https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/scenarios-virtual-networks

Is there a better way to do this currently or can the module be developed to support additional subnets?

Possible Answers/Solutions?

Certainly no BiCep expert but optional parameters to define additional subnets, name ,route table, cidr ?

[jtracey93]

Hey @integyjc,

Not at all, good question.

We cover a lot of this here: https://github.com/azure/bicep-lz-vending/wiki/knownissues#blank-or-empty-subnets-are-removed-when-re-deploying-this-module-on-a-subscription-and-associated-virtual-network-that-it-previously-provisioned

We really envision the subnets creation being done by the app teams once the subscription has been vended and passed to them. Hence why it's outside of this module.

We are awaiting some work on the vNet issue to be completed that will hopefully improve the scenario documented in the link above, and at that time we will probably look again at adding support for subnets.

But today if you are not planning to redeploy the sub vending module for the same subscription after its deployed, you can certainly use and define subnets as a child resource using a existing resource to lookup the vNet deployed by this module.

Hope that helps

[integyjc]

Hi @jtracey93 thank you for the response and all understood. I guess in our scenario, we are using the vending module as part of a wider orchestration module of a customers subscription vending process inc adding subnets, routes etc so there is a chance it could end up being re-deployed to make changes. We'd certainly want to add our voice to wanting a fix for: Azure/azure-quickstart-templates#2786

For now we'll have to split our deployment so that the vending module only ever gets run once

Thanks for the input!

[MilesCameron-DMs]

I am seeing this issue also, its is highly likely we will run vending pipelines again for adding other VNETS or adding resources we see as being required for vending.

[jtracey93]

Just an update on this. The VNET API changes to make this more of a possibility to create subnets in this module are on their way as per: Azure/azure-quickstart-templates#2786 (comment)

[sebassem]

Opened a PR on the AVM virtual network module to bump the API version so we can update our module to support this once merged.