@Lukas Kotulac - Thanks for the question and using the MS Q&A platform.
According to the document shared, the third subnet (
plsubnet) is used for the private link endpoints. This subnet is separate from the first two subnets that are used by the workspace itself.
While it may be possible to deploy the private link endpoints in one of the first two subnets, it is generally recommended to use a separate subnet for private link endpoints. This is because private link endpoints require a different set of network security group (NSG) rules than the workspace itself. By using a separate subnet, you can apply different NSG rules to the private link endpoints without affecting the workspace.
Additionally, using a separate subnet for private link endpoints can help with network isolation and security. By keeping the private link endpoints in a separate subnet, you can control access to them separately from the workspace and other resources in the VNet.
So while it may be possible to deploy the private link endpoints in one of the first two subnets, it is generally recommended to use a separate subnet for the reasons mentioned above.
In case, if you still have question, please report an issue here: https://github.com/databricks/terraform-provider-databricks/issues
Hope this helps. Do let us know if you any further queries.
If this answers your query, do click
Accept Answer and
Yes for was this answer helpful. And, if you have any further query do let us know.