diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..8617b3f
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,20 @@
+# To contribute improvements to CI/CD templates, please follow the Development guide at:
+# https://docs.gitlab.com/ee/development/cicd/templates.html
+# This specific template is located at:
+# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Terraform-Module.gitlab-ci.yml
+
+include: - template: Terraform/Module-Base.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Terraform/Module-Base.gitlab-ci.yml - template: Jobs/SAST-IaC.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/SAST-IaC.gitlab-ci.yml
+
+stages: - validate - build - test - deploy
+
+# See the included job template at `Terraform/Module-Base.gitlab-ci.yml` to learn about supported variables.
+deploy: extends: .terraform-module:deploy rules: - if: $CI_COMMIT_TAG
diff --git a/locals.tf b/locals.tf
index 9350d14..c63a0e6 100644
--- a/locals.tf
+++ b/locals.tf
@@ -66,4 +66,14 @@ locals {
 }
 }
 }
-}
\ No newline at end of file
+}
+
+# Helper locals to DRY'up conditionals
+locals { vnet_subnet_id = (var.node_subnet != null ? var.node_subnet : module.avm_res_network_virtualnetwork[0].subnets["subnet"].resource_id )
+
+
+}
diff --git a/main.tf b/main.tf
index add2c96..b99b3e7 100644
--- a/main.tf
+++ b/main.tf
@@ -57,7 +57,7 @@ resource "azurerm_kubernetes_cluster" "this" {
 orchestrator_version = var.orchestrator_version
 os_sku = "Ubuntu"
 tags = merge(var.tags, var.agents_tags)
- vnet_subnet_id = module.avm_res_network_virtualnetwork.subnets["subnet"].resource_id
+ vnet_subnet_id = local.vnet_subnet_id
 zones = try([for zone in local.regions_by_name_or_display_name[var.location].zones : zone], null)
 upgrade_settings {
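Review bot: The `deploy` rule at the end of the new-file hunk fires on any tag (`- if: $CI_COMMIT_TAG`), so every contributor with tag push rights can start the publish job, not only release managers; gating it on a protected ref, `- if: $CI_COMMIT_TAG && $CI_COMMIT_REF_PROTECTED == "true"`, keeps releases behind the project's tag-protection rules and lines up with GitLab only exposing protected CI variables on protected refs. The actual job body comes from the included `Terraform/Module-Base.gitlab-ci.yml` template and is not visible here, so what `.terraform-module:deploy` publishes and which variables it expects should be checked against that template before relying on it.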
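Review bot: The false branch of the new `vnet_subnet_id` local indexes `module.avm_res_network_virtualnetwork[0]`, and that module has zero instances exactly when `var.node_subnet` is set, so the expression is only valid because HCL, as far as I recall, reports diagnostics from the selected branch alone; that is fragile under refactoring. Writing the fallback as `one(module.avm_res_network_virtualnetwork[*].subnets["subnet"].resource_id)` states the intent directly and evaluates to `null` when the module is absent, without depending on branch evaluation order. The two blank lines before the closing brace of the new `locals` block and the `DRY'up` spelling in its comment are minor style nits.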
@@ -239,7 +239,7 @@ resource "azurerm_kubernetes_cluster_node_pool" "this" {
 orchestrator_version = each.value.orchestrator_version
 os_sku = each.value.os_sku
 tags = var.tags
- vnet_subnet_id = module.avm_res_network_virtualnetwork.subnets["subnet"].resource_id
+ vnet_subnet_id = local.vnet_subnet_id
 zones = each.value.zone == "" ? null : [each.value.zone]
 depends_on = [azapi_update_resource.aks_cluster_post_create]
@@ -271,6 +271,8 @@ module "avm_res_network_virtualnetwork" {
 source = "Azure/avm-res-network-virtualnetwork/azurerm"
 version = "0.2.3"
+ count = var.node_subnet == null ? 1 : 0
+
 address_space = var.node_cidr != null ? [var.node_cidr] : ["10.31.0.0/16"]
 location = var.location
 name = var.virtual_network_name
@@ -282,3 +284,5 @@ module "avm_res_network_virtualnetwork" {
 }
 }
 }
+
+
diff --git a/variables.tf b/variables.tf
index a048089..9dc5525 100644
--- a/variables.tf
+++ b/variables.tf
@@ -99,6 +99,12 @@ variable "node_cidr" {
 description = "(Optional) The CIDR to use for node IPs in the Kubernetes cluster. Changing this forces a new resource to be created."
 }
+variable "node_subnet" {
+ type = string
+ default = null
+ description = "(Optional) The resource id of the existing subnet to use for node IPs in the Kubernetes cluster. Changing this forces a new resource to be created."
+}
+
 variable "node_pools" {
 type = map(object({
 name = string
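Review bot: Adding `count` to the existing `module "avm_res_network_virtualnetwork"` block (the `@@ -271` hunk) changes its state address from `module.avm_res_network_virtualnetwork` to `module.avm_res_network_virtualnetwork[0]`, so deployments that keep the default `node_subnet = null` will plan a destroy-and-recreate of the virtual network the cluster and its node pools sit in unless the state is carried over with a `moved` block. Any other unindexed reference to the module (outputs, for example) would also need `[0]` now; none is visible in this diff, so that is worth a grep. The module block continues outside the hunk.
```hcl
moved {
  from = module.avm_res_network_virtualnetwork
  to   = module.avm_res_network_virtualnetwork[0]
}
```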
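Review bot: `node_subnet` in the variables.tf hunk is accepted as any string, and its visible consumers are the `vnet_subnet_id` arguments on the cluster and node-pool resources, so a typo or a non-subnet resource ID only surfaces as an Azure API error at apply time; a `validation` block rejects malformed values at plan time, before anything is created. The hunk's context shows `node_cidr` without one, so if the file has no validation blocks elsewhere this would set the precedent. The regex below is a constructed check of the documented Azure subnet ID layout, case-insensitive because Azure resource IDs are matched that way.
```hcl
variable "node_subnet" {
  # … unchanged: type, default, description …

  validation {
    condition     = var.node_subnet == null || can(regex("(?i)^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/Microsoft\\.Network/virtualNetworks/[^/]+/subnets/[^/]+$", var.node_subnet))
    error_message = "node_subnet must be null or the full resource ID of an Azure virtual network subnet."
  }
}
```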