Terraform cidrsubnets

Hello, Seeking to get some help around the cidrsubnets functionality in terraform. I have a vpc cidr, 10.0.0.0/16, I wanted to get three private database subnets /25, four public /26 subnets and four other private /23 subnets. How can I achieve this dynamically using cidrsubnets? Also, in future if I need to add an extra database subnet, it should be scalable such that it doesn’t re-create any other subnets. Any help would be appreciated. TIA!

Hi @arjunlibrian,

The cidrsubnets function is quite low-level and so can be difficult to use directly. There’s a wrapper module hashicorp/subnets/cidr which offers a higher-level interface wrapping that function.

If you want to use that existing module directly then you could potentially call it like this:

module "subnet_addrs" {
  source = "hashicorp/subnets/cidr"

  base_cidr_block = "10.0.0.0/16"
  networks = [
    {
      name     = "privatedb-0"
      new_bits = 9
    },
    {
      name     = "privatedb-1"
      new_bits = 9
    },
    {
      name     = "privatedb-2"
      new_bits = 9
    },
    {
      name     = "private-0"
      new_bits = 7
    },
    {
      name     = "private-1"
      new_bits = 7
    },
    {
      name     = "private-2"
      new_bits = 7
    },
    {
      name     = "private-3"
      new_bits = 7
    },
    {
      name     = "public-0"
      new_bits = 10
    },
    {
      name     = "public-1"
      new_bits = 10
    },
    {
      name     = "public-2"
      new_bits = 10
    },
    {
      name     = "public-3"
      new_bits = 10
    },
  ]
}

The expression module.subnet_addrs.network_cidr_blocks would then refer to a map from the subnet names (e.g. public-0) to the associated CIDR block addresses.

You can add and remove networks as long as you consider the constraints described in Changing Networks Later.

Alternatively, you could refer to the source code of the module to learn how it uses cidrsubnets, which would hopefully then allow you to write your own wrapper module that solves a similar problem but more tailored to your specific requirements.

Hi @arjunlibrian,

Unfortunately for this sort of problem some amount of “hard-coding” is typically needed because it’s very important that the relationship between network and cidr_block remain constant under future maintenance. Most attempts to make it more dynamic would cause problems if you need to add a new subnet later, because the configuration must somehow know to allocate that new subnet either at the end of the address space, or in an unallocated gap left by deleting a previously-allocated subnet.

If you would prefer to manage these relationships somewhere other than directly in your Terraform configuration then you may need to set up a separate network address planning service – which might, for example, track subnet allocations in a mutable database rather than as code – and then use data sources to fetch those allocations for use in Terraform. However, that would then move the IP address allocation problem outside of Terraform and so this wouldn’t really be a Terraform question anymore.
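Both replies hinge on the same behaviour: cidrsubnets hands out blocks sequentially, so a network's address depends on every entry before it, and a subnet that moves gets destroyed and recreated (taking its route-table and security-group attachments with it). The model below is an added example, not code from the thread or from the hashicorp/subnets/cidr module: it reproduces the sequential, size-aligned allocation in Python for the /16 and new_bits layout from the first reply, and uses a name of None as an assumed stand-in for a reserved slot so you can see which additions and removals leave existing addresses untouched.

```python
import ipaddress


def cidrsubnets(base: str, *newbits: int) -> list[str]:
    """Allocate one subnet per newbits entry, in order, each aligned to its
    own size (this is the sequential behaviour of Terraform's cidrsubnets)."""
    net = ipaddress.ip_network(base)
    pos = int(net.network_address)
    limit = int(net.broadcast_address) + 1
    out = []
    for nb in newbits:
        prefix = net.prefixlen + nb
        if nb < 1 or prefix > net.max_prefixlen:
            raise ValueError(f"invalid newbits {nb} for {base}")
        size = 1 << (net.max_prefixlen - prefix)
        pos = -(-pos // size) * size  # round up to the next multiple of size
        if pos + size > limit:
            raise ValueError(f"{base} has no room left for a /{prefix}")
        out.append(f"{ipaddress.ip_address(pos)}/{prefix}")
        pos += size
    return out


def plan(networks, base="10.0.0.0/16"):
    """networks: list of (name, new_bits). A name of None still consumes its
    slot (assumed stand-in for a reserved gap) but is left out of the map."""
    cidrs = cidrsubnets(base, *(bits for _, bits in networks))
    return {name: c for (name, _), c in zip(networks, cidrs) if name is not None}


def changed(before, after):
    """Names in both plans whose address moved: these would be recreated."""
    return sorted(n for n in before if n in after and before[n] != after[n])


# The layout from the first reply: three /25, four /23, four /26 (constructed).
BASE_PLAN = (
    [(f"privatedb-{i}", 9) for i in range(3)]
    + [(f"private-{i}", 7) for i in range(4)]
    + [(f"public-{i}", 10) for i in range(4)]
)

if __name__ == "__main__":
    current = plan(BASE_PLAN)
    appended = plan(BASE_PLAN + [("privatedb-3", 9)])          # added at the end
    dropped = plan([n for n in BASE_PLAN if n[0] != "privatedb-1"])  # slot removed
    print("appending moves:", changed(current, appended))
    print("deleting privatedb-1 moves:", changed(current, dropped))
```

Appending a fourth database subnet lands it after public-3 and moves nothing, while deleting privatedb-1 outright shifts privatedb-2; keeping the deleted slot reserved (the None entry) avoids that shift.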