
Support for Google Cloud Router & Cloud NAT #2249

Closed
KieranP opened this issue Oct 12, 2018 · 14 comments

@KieranP

KieranP commented Oct 12, 2018

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

GCP just introduced a new Cloud NAT. - https://cloud.google.com/nat/docs/overview

Would be nice to have support for it in Terraform along with all our other resources we already have.

New or Affected Resource(s)

  • google_cloud_router
  • google_cloud_nat

Potential Terraform Configuration

resource "google_cloud_router" "primary" {
  name = "primary-router"
  network = google_compute_network.default.name
  region = "asia-east1"
}

resource "google_cloud_nat" "primary" {
  name = "primary-nat"
  network = google_compute_network.default.name
  region = "asia-east1"
  router = google_cloud_router.primary.name

  nat_mapping {
    source = "both" // or "primary" / "secondary"
    ip_address = google_compute_address.nat.address // omit to have ip be automatic
  }

  settings {
    min_ports = 64
    
    timeouts {
      udp = 30
      tcp_established = 1200
      tcp_transitory = 30
      icmp = 30
    }
  }
}

References

https://cloud.google.com/nat/docs/overview

@paddycarver
Contributor

Looking at https://cloud.google.com/nat/docs/apis#rest_api, it looks like all the operations are meant to be performed on the Router API resource, so it may make more sense to have this be a sub-block within Router. Maybe. It could be a candidate for fine-grained resourcehood.

@KieranP
Author

KieranP commented Oct 14, 2018

@paddycarver Yup, the sample Terraform script was designed based on the current Google UI, but under the hood, I suspect they are just making one API request. Either way, being able to import/configure the Cloud NATs in Terraform would be great.

@drebes
Contributor

drebes commented Oct 22, 2018

API wise, this should be very similar to google_compute_router_interface. Creating this as a google_compute_router_nat should be relatively straightforward:

resource "google_compute_router_nat" "nat-gateway" {
  name                               = "nat-gateway"
  router                             = "router-1"
  region                             = "us-central1"
  source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
  nat_ip_allocate_option             = "AUTO_ONLY"
  min_ports_per_vm                   = 64
  tcp_established_idle_timeout_sec   = 1200
  udp_idle_timeout_sec               = 30
}

API fields described in https://cloud.google.com/compute/docs/reference/rest/beta/routers/insert

@akoenig

akoenig commented Oct 31, 2018

Just stumbled upon this one while terraforming private Kubernetes clusters (in isolated VPCs). In this case the Kubernetes nodes need outbound connectivity for fetching container images. I created a Cloud NAT manually and everything works as expected then.

The possibility to integrate that into my Terraform workflow as well would be superb. Looking forward to seeing this resource land in the google-beta provider 😊

@drebes
Contributor

drebes commented Nov 1, 2018

@akoenig, if all your container images are hosted on gcr.io, you can fetch them with Private Google Access, which is free.

@akoenig

akoenig commented Nov 1, 2018

@drebes Yap, I know that. The setup uses images from other registries like quay.io (e.g. nginx-ingress, etc.) Unfortunately, this is not an option, but thanks for mentioning it. 🙂

@nat-henderson
Contributor

This should be done within the month of November, folks, and released as soon after completion as is feasible. :) Thanks for your patience.

@danawillow
Contributor

Merged in hashicorp/terraform-provider-google-beta#161.

modular-magician pushed a commit to modular-magician/terraform-provider-google that referenced this issue Dec 4, 2018
@zhhuta

zhhuta commented Dec 12, 2018

I've downloaded the google-beta plugin and still get an error:
google_compute_router_nat.cloud-nat: Provider doesn't support resource: google_compute_router_nat
plugin version
terraform-provider-google-beta_v1.19.0_x4

@nat-henderson
Contributor

Router NAT isn't in 1.19, which was released in early October. It'll be in 1.20, to be released soon.

@Phylu
Contributor

Phylu commented Dec 12, 2018

In the meantime, you will need to compile the plug-in yourself and put it in .terraform/plugins/YOUR_ARCHITECTURE/ so that it gets used.

@zhhuta

zhhuta commented Dec 12, 2018

Thanks for the advice.

@paddycarver
Contributor

Just a heads up that 1.20.0 has been released. 🎉

@ghost

ghost commented Dec 31, 2018

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

@ghost ghost locked and limited conversation to collaborators Dec 31, 2018