This module handles opinionated Google Cloud Platform Cloud NAT creation and configuration.
This module is meant for use with Terraform 0.12. If you haven't upgraded and need a Terraform 0.11.x-compatible version of this module, the last released version intended for Terraform 0.11.x is 0.1.0.
There are multiple examples included in the examples folder but simple usage is as follows:
module "cloud-nat" {
source = "terraform-google-modules/cloud-nat/google"
project_id = "${var.project_id}"
region = "${var.region}"
router = "${google_compute_router.router.name}"
}Then perform the following commands on the root folder:
terraform initto get the pluginsterraform planto see the infrastructure planterraform applyto apply the infrastructure buildterraform destroyto destroy the built infrastructure
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| create_router | Create router instead of using an existing one, uses 'router' variable for new resource name. | string | "false" |
no |
| icmp_idle_timeout_sec | Timeout (in seconds) for ICMP connections. Defaults to 30s if not set. Changing this forces a new NAT to be created. | string | "30" |
no |
| min_ports_per_vm | Minimum number of ports allocated to a VM from this NAT config. Defaults to 64 if not set. Changing this forces a new NAT to be created. | string | "64" |
no |
| name | Defaults to 'cloud-nat-RANDOM_SUFFIX'. Changing this forces a new NAT to be created. | string | "" |
no |
| nat_ip_allocate_option | Value inferred based on nat_ips. If present set to MANUAL_ONLY, otherwise AUTO_ONLY. | string | "false" |
no |
| nat_ips | List of self_links of external IPs. Changing this forces a new NAT to be created. | list(string) | <list> |
no |
| network | VPN name, only if router is not passed in and is created by the module. | string | "" |
no |
| project_id | The project ID to deploy to | string | n/a | yes |
| region | The region to deploy to | string | n/a | yes |
| router | The name of the router in which this NAT will be configured. Changing this forces a new NAT to be created. | string | n/a | yes |
| router_asn | Router ASN, only if router is not passed in and is created by the module. | string | "64514" |
no |
| source_subnetwork_ip_ranges_to_nat | Defaults to ALL_SUBNETWORKS_ALL_IP_RANGES. How NAT should be configured per Subnetwork. Valid values include: ALL_SUBNETWORKS_ALL_IP_RANGES, ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, LIST_OF_SUBNETWORKS. Changing this forces a new NAT to be created. | string | "ALL_SUBNETWORKS_ALL_IP_RANGES" |
no |
| subnetworks | object | <list> |
no | |
| tcp_established_idle_timeout_sec | Timeout (in seconds) for TCP established connections. Defaults to 1200s if not set. Changing this forces a new NAT to be created. | string | "1200" |
no |
| tcp_transitory_idle_timeout_sec | Timeout (in seconds) for TCP transitory connections. Defaults to 30s if not set. Changing this forces a new NAT to be created. | string | "30" |
no |
| udp_idle_timeout_sec | Timeout (in seconds) for UDP connections. Defaults to 30s if not set. Changing this forces a new NAT to be created. | string | "30" |
no |
| Name | Description |
|---|---|
| name | Name of the Cloud NAT |
| nat_ip_allocate_option | NAT IP allocation mode |
| region | Cloud NAT region |
| router_name | Cloud NAT router name |
Before this module can be used on a project, you must ensure that the following pre-requisites are fulfilled:
- Terraform and kubectl are installed on the machine where Terraform is executed.
- The Service Account you execute the module with has the right permissions.
- The APIs are active on the project you will launch the cluster in.
- If you are using a Shared VPC, the APIs must also be activated on the Shared VPC host project and your service account needs the proper permissions there.
- Terraform 0.12.x
- terraform-provider-google plugin v2.7.0
In order to execute this module you must have a Service Account with the following project roles:
In order to operate with the Service Account you must activate the following APIs on the project where the Service Account was created:
- Compute Engine API - compute.googleapis.com
Refer to the contribution guidelines for information on contributing to this module.