I want to use Terraform to create a new subnet for EKS. In the same account, a VPC has already been created, along with some subnets.
locals {
  vpc_cidr_block = "10.148.52.0/22"
  public_subnets = [
    "10.148.52.0/27",
    "10.148.54.0/27",
  ]
  # ...
  private_subnets_3 = [
    "10.148.52.80/28",
    "10.148.54.80/28",
  ]
  subnets_4 = [
    "10.148.52.240/28",
    "10.148.54.240/28",
  ]
  eks_private_subnets = [
    "10.148.52.128/25",
    "10.148.54.128/25",
  ]
}

resource "aws_subnet" "eks_private" {
  count             = length(local.eks_private_subnets)
  vpc_id            = aws_vpc.this.id
  cidr_block        = local.eks_private_subnets[count.index]
  availability_zone = local.azs[count.index]
}
When I run the deployment, I get the following errors:
Error: error creating subnet: InvalidSubnet.Conflict: The CIDR '10.148.54.128/25' conflicts with another subnet
status code: 400, request id: 11111111111-111111-1111111-1111111111111
on main.tf line 50, in resource "aws_subnet" "eks_private":
50: resource "aws_subnet" "eks_private" {
Error: error creating subnet: InvalidSubnet.Conflict: The CIDR '10.148.52.128/25' conflicts with another subnet
status code: 400, request id: 22222222222-222222-22222-222222222222222
on network.tf line 50, in resource "aws_subnet" "eks_private":
50: resource "aws_subnet" "eks_private" {
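It seems that the .128/25 size conflicts with other subnets. But I want to create a /25-sized subnet in this VPC; is that not possible? Otherwise, do I need to create a new VPC to use?
Answer 1
To close off this question: the problem is that you were trying to assign the same CIDR range to two subnets. You need to allocate subnet CIDR ranges out of the available range. You may find two tools useful: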
- https://registry.terraform.io/modules/hashicorp/subnets/cidr/latest
- http://www.davidc.net/sites/default/subnets/subnets.html
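If you use more common CIDR block sizes you may find this easier, although that is not always possible. A /16 VPC with /24 subnets is fairly common and easy to understand.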
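The overlap behind `InvalidSubnet.Conflict` can be checked offline before running `terraform apply`. The following is an added example, not part of the original question or answer: it uses Python's standard `ipaddress` module on the CIDRs visible in the question, and the helper names `conflicts` and `free_blocks` are illustrative. It assumes the subnets elided by `# ...` are absent, so a real check must list every subnet already in the VPC.

```python
import ipaddress

# CIDRs copied from the question's locals block. That block is elided
# ("# ..."), so real input must include every subnet already in the VPC.
VPC = "10.148.52.0/22"
EXISTING = {
    "public_subnets": ["10.148.52.0/27", "10.148.54.0/27"],
    "private_subnets_3": ["10.148.52.80/28", "10.148.54.80/28"],
    "subnets_4": ["10.148.52.240/28", "10.148.54.240/28"],
}
WANTED = ["10.148.52.128/25", "10.148.54.128/25"]


def conflicts(candidate, existing):
    """Return (name, cidr) pairs of existing subnets overlapping candidate."""
    cand = ipaddress.ip_network(candidate)
    return [
        (name, cidr)
        for name, cidrs in existing.items()
        for cidr in cidrs
        if cand.overlaps(ipaddress.ip_network(cidr))
    ]


def free_blocks(vpc, existing, prefixlen):
    """List aligned blocks of the given prefix length inside the VPC
    that overlap no existing subnet."""
    vpc_net = ipaddress.ip_network(vpc)
    used = [ipaddress.ip_network(c) for cidrs in existing.values() for c in cidrs]
    for net in used:
        # A subnet outside the VPC range means the input list is wrong.
        if not net.subnet_of(vpc_net):
            raise ValueError(f"{net} is outside VPC {vpc_net}")
    return [
        str(block)
        for block in vpc_net.subnets(new_prefix=prefixlen)
        if not any(block.overlaps(u) for u in used)
    ]


if __name__ == "__main__":
    for cidr in WANTED:
        print(cidr, "conflicts with", conflicts(cidr, EXISTING))
    print("free /25 blocks:", free_blocks(VPC, EXISTING, 25))
```

With only the subnets shown in the question, each requested /25 overlaps the matching `subnets_4` /28, while the /25 blocks under 10.148.53.0/24 and 10.148.55.0/24 are unused.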