[AVM Module Issue]: Unable to Add Container Instances to compute_type After Initial Default (Container App only) Deployment Due to Subnet Ranges Overlap #88

Open
1 task done
AErmie opened this issue Dec 27, 2024 · 7 comments
Labels
Language: Terraform 🌐 This is related to the Terraform IaC language Needs: Immediate Attention ‼️ Immediate attention of module owner / AVM team is needed Needs: Triage 🔍 Maintainers need to triage still Status: Response Overdue 🚩 When an issue/PR has not been responded to for X amount of days Type: Bug 🐛 Something isn't working

Comments

AErmie commented Dec 27, 2024

Check for previous/existing GitHub issues

  • I have checked for previous/existing GitHub issues

Issue Type?

Bug

(Optional) Module Version

0.2.0

(Optional) Correlation Id

No response

Description

When updating an existing GitHub Runner deployment (that was originally deployed with the default Azure Container Apps configuration), to include Azure Container Instances (ACI), Terraform throws multiple errors (i.e. InUsePrefixCannotBeDeleted and NetcfgSubnetRangesOverlap) concerning subnet address space overlap.

Terraform Module Code:

module "github_runners" {
  source                                       = "Azure/avm-ptn-cicd-agents-and-runners/azurerm"
  version                                      = "~> 0.2"

  postfix                                      = "my-runners"
  location                                     = "Canada Central"

  compute_types = ["azure_container_app", "azure_container_instance"] # This is the only change that was made, adding 'azure_container_instance'

  version_control_system_type                  = "github"
  version_control_system_personal_access_token = var.github_personal_access_token
  version_control_system_organization          = "bcgov-c"
  version_control_system_repository            = "ecf-azure-startup-sample-app-serverless"
  virtual_network_address_space                = "10.0.0.0/16"

  # Adjusted values
  container_registry_name = "basicavmcr"

  tags                  = local.tags
}

Terraform Errors:

│ Error: Failed to create/update resource
│ 
│   with module.github_runners.module.virtual_network[0].module.subnet["container_registry_private_endpoint"].azapi_resource.subnet,
│   on .terraform/modules/github_runners.virtual_network/modules/subnet/main.tf line 1, in resource "azapi_resource" "subnet":
│    1: resource "azapi_resource" "subnet" {
│ 
│ creating/updating Resource: (ResourceId
│ "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/rg-my-runners/providers/Microsoft.Network/virtualNetworks/vnet-my-runners/subnets/subnet-container-registry-private-endpoint-my-runners"/ Api Version "2023-11-01"): PUT
│ https://management.azure.com/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/rg-my-runners/providers/Microsoft.Network/virtualNetworks/vnet-my-runners/subnets/subnet-container-registry-private-endpoint-my-runners
│ --------------------------------------------------------------------------------
│ RESPONSE 400: 400 Bad Request
│ ERROR CODE: InUsePrefixCannotBeDeleted
│ --------------------------------------------------------------------------------
│ {
│   "error": {
│     "code": "InUsePrefixCannotBeDeleted",
│     "message": "IpPrefix 10.0.0.32/29 on Subnet subnet-container-registry-private-endpoint-my-runners has active allocations and cannot be deleted.",
│     "details": []
│   }
│ }
│ --------------------------------------------------------------------------------
│ 
╵
╷
│ Error: Failed to create/update resource
│ 
│   with module.github_runners.module.virtual_network[0].module.subnet["container_instance"].azapi_resource.subnet,
│   on .terraform/modules/github_runners.virtual_network/modules/subnet/main.tf line 1, in resource "azapi_resource" "subnet":
│    1: resource "azapi_resource" "subnet" {
│ 
│ creating/updating Resource: (ResourceId
│ "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/rg-my-runners/providers/Microsoft.Network/virtualNetworks/vnet-my-runners/subnets/subnet-container-instance-my-runners"/ Api Version "2023-11-01"): PUT
│ https://management.azure.com/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/rg-my-runners/providers/Microsoft.Network/virtualNetworks/vnet-my-runners/subnets/subnet-container-instance-my-runners
│ --------------------------------------------------------------------------------
│ RESPONSE 400: 400 Bad Request
│ ERROR CODE: NetcfgSubnetRangesOverlap
│ --------------------------------------------------------------------------------
│ {
│   "error": {
│     "code": "NetcfgSubnetRangesOverlap",
│     "message": "Subnet 'subnet-container-instance-my-runners' is not valid because its IP address range overlaps with that of an existing subnet in virtual network 'vnet-my-runners'.",
│     "details": []
│   }
│ }
│ --------------------------------------------------------------------------------

Expectations

With the AVM module, I would expect it would support adding another compute_type (i.e. azure_container_instance) after initially deploying the default configuration.

This would mean the initial VNet and subnet(s) created should account for the networking needs of Azure Container Instances, to avoid having to delete the entire original deployment and re-deploy using both compute_types from the beginning.

@AErmie AErmie added Language: Terraform 🌐 This is related to the Terraform IaC language Needs: Triage 🔍 Maintainers need to triage still labels Dec 27, 2024
@microsoft-github-policy-service microsoft-github-policy-service bot added the Type: Bug 🐛 Something isn't working label Dec 27, 2024
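
An added example, not part of the original issue or the module's code: a pre-apply check that compares the subnets already deployed in a VNet with those a new plan would create, and flags the two conditions behind the errors reported above. Only 10.0.0.0/16 and 10.0.0.32/29 come from the issue; every other prefix, the short subnet keys, and the function name `check_subnet_plan` are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data. Only 10.0.0.0/16 and 10.0.0.32/29 appear in the
# issue; all other prefixes are hypothetical values chosen for illustration.
VNET = "10.0.0.0/16"
DEPLOYED = {
    "container_app": "10.0.0.0/27",
    "container_registry_private_endpoint": "10.0.0.32/29",
}
# A plan in which inserting a subnet shifts the ranges of existing ones.
SHIFTED_PLAN = {
    "container_app": "10.0.0.0/27",
    "container_instance": "10.0.0.32/28",
    "container_registry_private_endpoint": "10.0.0.48/29",
}
# A plan that leaves deployed prefixes alone and uses free space for the new subnet.
APPENDED_PLAN = dict(DEPLOYED, container_instance="10.0.0.48/28")


def check_subnet_plan(vnet, deployed, planned):
    """Return sorted (subnet, problem) findings for a planned subnet layout."""
    vnet_net = ipaddress.ip_network(vnet)
    dep = {n: ipaddress.ip_network(p) for n, p in deployed.items()}
    plan = {n: ipaddress.ip_network(p) for n, p in planned.items()}
    findings = []
    for name, net in sorted(plan.items()):
        if not net.subnet_of(vnet_net):
            findings.append((name, "outside-vnet"))
        if name in dep and dep[name] != net:
            # Re-addressing a subnet that has active allocations is the
            # condition Azure rejects with InUsePrefixCannotBeDeleted.
            findings.append((name, "prefix-changed"))
        for other, other_net in sorted(dep.items()):
            # A subnet that overlaps a *different* deployed subnet is the
            # condition Azure rejects with NetcfgSubnetRangesOverlap.
            if other != name and net.overlaps(other_net):
                findings.append((name, f"overlaps-deployed:{other}"))
    return findings


if __name__ == "__main__":
    for label, plan in (("shifted", SHIFTED_PLAN), ("appended", APPENDED_PLAN)):
        print(label, check_subnet_plan(VNET, DEPLOYED, plan))
```
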

Warning

Tagging the AVM Core Team (@Azure/avm-core-team-technical-terraform) due to a module owner or contributor having not responded to this issue within 3 business days. The AVM Core Team will attempt to contact the module owners/contributors directly.

Tip

  • To prevent further actions to take effect, the "Status: Response Overdue 🚩" label must be removed, once this issue has been responded to.
  • To avoid this rule being (re)triggered, the "Needs: Triage 🔍" label must be removed as part of the triage process (when the issue is first responded to)!

@microsoft-github-policy-service microsoft-github-policy-service bot added the Status: Response Overdue 🚩 When an issue/PR has not been responded to for X amount of days label Jan 2, 2025

Caution

This issue requires the AVM Core Team's (@Azure/avm-core-team-technical-terraform) immediate attention as it hasn't been responded to within 6 business days.

Tip

  • To avoid this rule being (re)triggered, the "Needs: Triage 🔍" and "Status: Response Overdue 🚩" labels must be removed when the issue is first responded to!
  • Remove the "Needs: Immediate Attention ‼️" label once the issue has been responded to.

@microsoft-github-policy-service microsoft-github-policy-service bot added the Needs: Immediate Attention ‼️ Immediate attention of module owner / AVM team is needed label Jan 30, 2025
