From 140652cfaf0cd241047b169d278bbc4fda850902 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 3 Aug 2021 17:12:15 +0100 Subject: [PATCH] Simplify the docs I've now added a Cloud Router and Cloud NAT to the private cluster terraform config, so many of the components that need to be in place to set this up for a private cluster will already have been deployed. --- docs/howto/operate/manual-nfs-setup.md | 70 ++++---------------------- 1 file changed, 10 insertions(+), 60 deletions(-) diff --git a/docs/howto/operate/manual-nfs-setup.md b/docs/howto/operate/manual-nfs-setup.md index c53b2d494b..39ccbfe4ad 100644 --- a/docs/howto/operate/manual-nfs-setup.md +++ b/docs/howto/operate/manual-nfs-setup.md @@ -10,12 +10,12 @@ Using `gcloud`, the command is: ```bash gcloud compute instances create nfs-server-01 \ ---image=ubuntu-2004-focal-v20210720 \ ---image-project=ubuntu-os-cloud \ ---machine-type=g1-small \ ---boot-disk-device-name=nfs-server-01 \ ---boot-disk-size=100GB \ ---boot-disk-type=pd-standard + --image=ubuntu-2004-focal-v20210720 \ + --image-project=ubuntu-os-cloud \ + --machine-type=g1-small \ + --boot-disk-device-name=nfs-server-01 \ + --boot-disk-size=100GB \ + --boot-disk-type=pd-standard ``` ````{note} 
@@ -34,51 +34,11 @@ gcloud computer images describe IMAGE_NAME --project=IMAGE_PROJECT ``` ```` -### Deploying a host VM with no External IP - -If you are working in a project that restricts the use of external IPs, there are a few extra steps to consider. -While the NFS server does not require an external IP address to do it's job, internet access is required to install the appropriate packages in the next section. -Therefore, we will temporarily deploy a [Cloud NAT](https://cloud.google.com/nat/docs) to grant internet access to our VM. - ```{note} -Tutorials on this will mention setting up a firewall rule to allow SSH connections. -However, if you're in the situation of being restricted on external IPs, you likely deployed the cluster with the `enable_private_cluster` variable set to `true` which means there is already a firewall rule allowing SSH connections in place. +If deploying a NFS server for a **private** cluster, add the `--no-address` flag to the `gcloud compute instances create` command. +This will prevent the VM trying to claim an external IP address, which will not be allowed within the private configuration. ``` -1. Create a Cloud Router instance for your region. - We will assume `us-central1`. - - ```bash - gcloud compute routers create nat-router-us-central1 \ - --network default \ - --region us-central1 - ``` - -2. Configure the routers for Cloud NAT - - ```bash - gcloud compute routers nats create nat-config \ - --router-region us-central1 \ - --router nat-router-us-central1 \ - --nat-all-subnet-ip-ranges \ - --auto-allocate-nat-external-ips - ``` - -3. Test your VM has access to the internet. - SSH into it: - - ```bash - gcloud compute ssh nfs-server-01 --tunnel-through-iap - ``` - - Use the `curl` command to make an outbound request: - - ```bash - curl example.com - ``` - - This should print some raw html to your console. - ## Setting up the NFS Server Once your VM has been deployed, SSH into it so we can configure the NFS server. 
@@ -88,7 +48,8 @@ gcloud compute ssh nfs-server-01 ``` ```{note} -Don't forget to add the `--tunnel-through-iap` flag if you deployed the VM **without** an external IP! +If the cluster you are setting up the NFS for is **private**, you will need to add the `--tunnel-through-iap` flag to the above command. +This is because the VM will not have an external IP address and will therefore need to be routed differently. ``` 1. Install the dependencies @@ -126,14 +87,3 @@ Don't forget to add the `--tunnel-through-iap` flag if you deployed the VM **wit ```bash sudo exportfs ``` - -### Deleting the Cloud NAT resources - -Once the NFS server is configured, the Cloud NAT resources can be deleted. - -```bash -gcloud compute routers nats delete nat-config \ - --router nat-router-us-central1 - -gcloud compute routers delete nat-router-us-central1 -```
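Review bot: The new note in the `@@ -34,51 +34,11 @@` hunk tells readers to pass `--no-address` but drops the only statement that the VM still needs outbound internet access to install the packages in the next section. The commit message says the private cluster terraform config now deploys a Cloud Router and Cloud NAT, but the doc itself no longer mentions either. Add a sentence to the note stating that dependency, and consider keeping the short `curl example.com` check so a reader can confirm egress before the install step. Minor: "a NFS server" should read "an NFS server", and the context line `gcloud computer images describe` at the top of this hunk looks like a typo for `gcloud compute images describe` that could be fixed in the same change.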
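Review bot: In the `--tunnel-through-iap` note (hunk `@@ -88,7 +48,8 @@`), "will therefore need to be routed differently" does not tell the reader what the flag does or what it relies on. Say that the SSH connection is tunnelled through IAP because the VM has no external IP. The note removed earlier in this patch stated that a firewall rule allowing SSH is already in place when `enable_private_cluster` is `true`. That prerequisite is now undocumented, so carry it over here.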
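Review bot: Removing "Deleting the Cloud NAT resources" (hunk `@@ -126,14 +87,3 @@`) turns the NAT from a temporary aid into a standing resource, and the doc does not say so. The old text had the NAT deleted once the NFS server was configured. With the router and NAT now owned by the terraform config, per the commit message, the NFS VM keeps outbound internet access after setup. State that in the doc, or confirm in the PR description that permanent egress for the NFS host is intended.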