Terraform: unable to deploy Azure HDInsight

Question

I'm attempting to deploy Azure HDInsight Kafka cluster using the following Terraform script:

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "rg" {
  name     = "my-resource-group"
  location = "eastus"
}

resource "azurerm_virtual_network" "virtual_network" {
    resource_group_name = azurerm_resource_group.rg.name
    name = "my-vnet"
    location = "eastus"
    address_space = ["10.136.82.0/24"]
}

resource "azurerm_subnet" "subnet" {
  name                 = "subnet-3"
  resource_group_name  = "my-resource-group"
  virtual_network_name = "my-vnet"
  address_prefixes     = ["10.136.82.64/27"]
}

resource "azurerm_storage_account" "storage_account" {
  name                     = "my-storage-account"
  resource_group_name      = azurerm_resource_group.rg.name
  location                 = azurerm_resource_group.rg.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

resource "azurerm_storage_container" "storage_container" {
  name                  = "hdinsight"
  storage_account_name  = azurerm_storage_account.storage_account.name
  container_access_type = "private"
}

resource "azurerm_hdinsight_kafka_cluster" "kafka_cluster" {
  name                = "my-hdicluster"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  cluster_version     = "4.0"
  tier                = "Standard"

  component_version {
    kafka = "2.4"
  }

  gateway {
    username = "my-username"
    password = "my-password"
  }

  storage_account {
    storage_container_id = azurerm_storage_container.storage_container.id
    storage_account_key  = azurerm_storage_account.storage_account.primary_access_key
    is_default           = true
  }

  roles {
    head_node {
      virtual_network_id = azurerm_virtual_network.virtual_network.id
      subnet_id = azurerm_subnet.subnet.id
      vm_size  = "Standard_D3_V2"
      username = "my-username"
      password = "my-password"
    }

    worker_node {
      virtual_network_id = azurerm_virtual_network.virtual_network.id
      subnet_id = azurerm_subnet.subnet.id
      vm_size                  = "Standard_D3_V2"
      username                 = "my-username"
      password                 = "my-password"
      number_of_disks_per_node = 3
      target_instance_count    = 3
    }

    zookeeper_node {
      virtual_network_id = azurerm_virtual_network.virtual_network.id
      subnet_id = azurerm_subnet.subnet.id
      vm_size  = "Standard_D3_V2"
      username = "my-username"
      password = "my-password"
    }
  }
}

At the time of this deployment my VNET is completely empty (i.e. no subnets):

az network vnet subnet list \                                                                                                  ─╯
    --resource-group my-resource-group \
    --vnet-name my-vnet \
    --query "[].{Name: name, AddressPrefix: addressPrefix}" \
    --output table

The output is empty (as expected).

The error which I receive during this deployment is:

Error: failure creating HDInsight Kafka Cluster "sccrpoc-hdicluster" 
 (Resource Group "my-resource-group"): hdinsight.ClustersClient#Create: 
 Failure sending request: StatusCode=400 -- Original Error: Code="BadRequest"
  Message="Address prefix was not valid in the subnet. 
  Please ensure there is only one ipv4 address prefix in the subnet. 
  VirtualNetworkId: '/subscriptions/my-subscription/resourceGroups/my-resource-group/providers/Microsoft.Network/virtualNetworks/my-vnet',
   SubnetName: '/subscriptions/my-subscription/resourceGroups/my-resource-group/providers/Microsoft.Network/virtualNetworks/my-vnet/subnets/subnet-3'"

What changes should I make in order to make this deployment successful?

Answer 1

I have misconfigured my subnet, which was causing azure to create an additional one with a conflicting address space