Terraform-provider-google: Support for Google Cloud Router & Cloud NAT

Created on 12 Oct 2018  ยท  14Comments  ยท  Source: hashicorp/terraform-provider-google


Community Note

  • Please vote on this issue by adding a ๐Ÿ‘ reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

GCP just introduced a new Cloud NAT. - https://cloud.google.com/nat/docs/overview

Would be nice to have support for it in Terraform along with all our other resources we already have.

New or Affected Resource(s)

  • google_cloud_router
  • google_cloud_nat

Potential Terraform Configuration

resource "google_cloud_router" "primary" {
  name = "primary-router"
  network = google_compute_network.default.name
  region = "asia-east1"
}

resource "google_cloud_nat" "primary" {
  name = "primary-nat"
  network = google_compute_network.default.name
  region = "asia-east1"
  router = google_cloud_router.primary.name

  nat_mapping {
    source = "both" // or "primary" / "secondary"
    ip_address = google_compute_address.nat.address // omit to have ip be automatic
  }

  settings {
    min_ports = 64

    timeouts {
      udp = 30
      tcp_established = 1200
      tcp_transitory = 30
      icmp = 30
    }
  }
}

References

https://cloud.google.com/nat/docs/overview

enhancement
Source
picture KieranP
👍1285

Most helpful comment

This should be done within the month of November, folks, and released as soon after completion as is feasible. :) Thanks for your patience.

picture ndmckinley on 6 Nov 2018
26 👍18 🎉9

All 14 comments

Looking at https://cloud.google.com/nat/docs/apis#rest_api, it looks like all the operations are meant to be performed on the Router API resource, so it may make more sense to have this be a sub-block within Router. Maybe. It could be a candidate for fine-grained resourcehood.

paddycarver picture paddycarver on 12 Oct 2018

@paddycarver Yup, the sample terraform script was designed based on the currently google UI, but under the hood, I suspect they are just making one API request. Either way, being able to import/configure the cloud NATs in terraform would be great.

KieranP picture KieranP on 15 Oct 2018

API wise, this should be very similar to google_compute_router_interface. Creating this as a google_compute_router_nat should be relatively straightforward:

resource "google_compute_router_nat" "nat-gateway" {
  name       = "nat-gateway"
  router     = "router-1"
  region     = "us-central1"
  source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
  nat_ip_allocate_option = "AUTO_ONLY"
  min_ports_per_vm = 64
  tcp_establishedIdle_timeout_sec = 1200
  udp_itle_timeout_sec = 30
}

API fields described in https://cloud.google.com/compute/docs/reference/rest/beta/routers/insert

drebes picture drebes on 22 Oct 2018

Just stumbled upon this one while terraforming private Kubernetes clusters (in isolated VPCs). In this case the Kubernetes nodes needs outbound connectivity for fetching container images. I created a Cloud NAT manually and everything works as expected then.

The possibility to integrate that into my terraform workflow as well would be superb. Looking forward to see this resource landing in the google-beta provider ๐Ÿ˜Š

akoenig picture akoenig on 1 Nov 2018

@akoenig, if all your container images are hosted on gcr.io, you can fetch them with Private Google Access, which is free.

drebes picture drebes on 1 Nov 2018
👍1

@drebes Yap, I know that. The setup uses images from other registries like quay.io (e.g. nginx-ingress, etc.) Unfortunately, this is not an option, but thanks for mentioning it. ๐Ÿ™‚

akoenig picture akoenig on 1 Nov 2018
👍1

This should be done within the month of November, folks, and released as soon after completion as is feasible. :) Thanks for your patience.

ndmckinley picture ndmckinley on 6 Nov 2018
26 👍18 🎉9

Merged in https://github.com/terraform-providers/terraform-provider-google-beta/pull/161.

danawillow picture danawillow on 1 Dec 2018
🎉7

I've download google-beta plugin and still get error
google_compute_router_nat.cloud-nat: Provider doesn't support resource: google_compute_router_nat
plugin version
terraform-provider-google-beta_v1.19.0_x4

zhhuta picture zhhuta on 12 Dec 2018

Router NAT isn't in 1.19, which was released in early october. It'll be in 1.20, to be released soon.

ndmckinley picture ndmckinley on 12 Dec 2018

In the meantime, you will need to compile the plug-in yourself and put it in .terraform/plugins/YOUR_ARCHITECTURE/ for so that it gets used.

Phylu picture Phylu on 12 Dec 2018

thanks for advice

zhhuta picture zhhuta on 12 Dec 2018

Just a heads up that 1.20.0 has been released. ๐ŸŽ‰

paddycarver picture paddycarver on 18 Dec 2018
🎉3

I'm going to lock this issue because it has been closed for _30 days_ โณ. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error ๐Ÿค– ๐Ÿ™‰ , please reach out to my human friends ๐Ÿ‘‰ [email protected]. Thanks!

hashibot[bot] picture hashibot[bot] on 31 Dec 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

nthypes picture nthypes  ยท  4Comments
pdecat picture pdecat  ยท  3Comments
sho-abe picture sho-abe  ยท  3Comments
Zhann picture Zhann  ยท  3Comments
gilberthdez picture gilberthdez  ยท  3Comments