DIY for discrimiNAT on GCP
Key information on discrimiNAT for integration in your Infrastructure-as-Code
IMAGE IDENTIFIERS
| key | value |
|---|---|
| name | discriminat-2-0-3 |
| project | chasersystems-public |
For older versions, please drop us a line and we’ll get back to you ASAP.
DEPLOYMENT ESSENTIALS
For effective functioning, the discrimiNAT will need:
- A machine type of at least 2 vCPU and 2 GiB RAM. An e2-small should suffice where throughput requirements are basic.
- A service account that can read compute metadata, and write to logging and monitoring:

      serviceAccounts:
        - email: <project_number>[email protected]
          scopes:
            - https://www.googleapis.com/auth/compute.readonly
            - https://www.googleapis.com/auth/logging.write
            - https://www.googleapis.com/auth/monitoring.write

- Ability to forward IP packets with the canIpForward property turned on.
- A public IP.
- SSD disk type is recommended.
When deploying the instance(s), you may configure the availability (through a Managed Instance Group), routing and tagging as per your desired architecture. For example, instances without a public IP need a route to the Internet for destination 0.0.0.0/0 that passes through the discrimiNAT instance, whether by tagging or by internal load-balancing.
For monitoring the logs and configuring the FQDN-based firewall egress rules, follow the Quick Start guide from Key Information onwards.
TERRAFORM EXAMPLE
Lookup

    provider "google" {}

    data "google_compute_image" "discriminat" {
      name    = "discriminat-2-0-3"
      project = "chasersystems-public"
    }

    output "discriminat_image_self_link" {
      value = data.google_compute_image.discriminat.self_link
    }

Deploy
This example deployment code is to be considered a starting point for your own architecture and requirements.
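
    provider "google" {}

    # Resolve the published discrimiNAT image from the vendor's public project.
    data "google_compute_image" "discriminat" {
      name    = "discriminat-2-0-3"
      project = "chasersystems-public"
    }

    resource "google_compute_instance" "discriminat" {
      name         = "discriminat"
      machine_type = "e2-small"

      # Required so the instance can forward packets on behalf of other instances.
      can_ip_forward = true

      boot_disk {
        initialize_params {
          type  = "pd-ssd"
          image = data.google_compute_image.discriminat.self_link
        }
      }

      network_interface {
        network = "default"

        # An empty access_config block assigns an ephemeral public IP.
        access_config {}
      }

      # Read compute metadata; write to logging and monitoring.
      service_account {
        scopes = ["compute-ro", "logging-write", "monitoring-write"]
      }
    }
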
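The tag-based routing described under Deployment Essentials, as an added Terraform example that is not part of the vendor's own code. It builds on the `google_compute_instance.discriminat` resource from the Deploy example; the tag `egress-via-discriminat`, the resource names, the priority of 900, the `default` network and the Debian workload image are all assumptions for illustration.

```hcl
# Added example: send Internet-bound traffic from tagged, private-only
# instances through the discrimiNAT instance. Names and tag are hypothetical.

locals {
  protected_tag = "egress-via-discriminat" # hypothetical network tag
}

# Default route that applies only to instances carrying the tag.
# Priority 900 wins over the VPC's auto-created 0.0.0.0/0 route
# (priority 1000) to the default Internet gateway.
# Do not put this tag on the discrimiNAT instance itself, or its own
# egress would be routed back to it.
resource "google_compute_route" "egress_via_discriminat" {
  name              = "egress-via-discriminat"
  network           = "default"
  dest_range        = "0.0.0.0/0"
  priority          = 900
  tags              = [local.protected_tag]
  next_hop_instance = google_compute_instance.discriminat.self_link
}

# A workload without a public IP. With no access_config block it gets
# no external address, so the tagged route above is its path out.
resource "google_compute_instance" "workload" {
  name         = "workload"
  machine_type = "e2-small"
  tags         = [local.protected_tag]

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-12" # assumed image for illustration
    }
  }

  network_interface {
    network = "default"
    # Intentionally no access_config {}: no external IP is assigned.
  }
}
```

After applying, `gcloud compute routes list` should show the tagged route alongside the default one; an untagged instance will not use it.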
gcloud CLI EXAMPLE
Lookup

    gcloud compute images describe \
      --format="value(selfLink)" \
      --project chasersystems-public \
      discriminat-2-0-3