DIY for discrimiNAT on GCP

Key information on discrimiNAT for integration in your Infrastructure-as-Code


First, ensure you’ve visited our marketplace page and accepted the terms & conditions, along with any custom offers you may have been extended for your GCP account.

IMAGE IDENTIFIERS

key      value
name     discriminat-2-0-3
project  chasersystems-public

For older versions, please drop us a line and we’ll get back to you ASAP.

Contact our DevSecOps at [email protected] for queries at any stage of your journey. Alternatively, just reach out in the live chat.

DEPLOYMENT ESSENTIALS

For effective functioning, the discrimiNAT will need:

  1. A machine type of at least 2 vCPU and 2 GiB RAM. An e2-small should suffice where throughput requirements are basic.
  2. A service account that can read compute metadata, and write to logging and monitoring:
    serviceAccounts:
        - email: <project_number>[email protected]
          scopes:
              - https://www.googleapis.com/auth/compute.readonly
              - https://www.googleapis.com/auth/logging.write
              - https://www.googleapis.com/auth/monitoring.write
    
  3. Ability to forward IP packets with the canIpForward property turned on.
  4. A public IP.
  5. SSD disk type is recommended.
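
As an added example (not part of the original page or the vendor's tooling), the following check reads the JSON that `gcloud compute instances describe --format=json` returns for a deployed instance and verifies requirements 2 to 4 from the list above. The function name `check_instance` and the sample data are assumptions made for illustration; machine size and disk type are not checked because they are not fully described in the instance resource itself.

```python
import json

# The three scopes this page lists for the discrimiNAT service account.
REQUIRED_SCOPES = {
    "https://www.googleapis.com/auth/compute.readonly",
    "https://www.googleapis.com/auth/logging.write",
    "https://www.googleapis.com/auth/monitoring.write",
}


def check_instance(instance):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if instance.get("canIpForward") is not True:
        findings.append("canIpForward is not enabled")
    # A public IP appears as natIP on an access config of a network interface.
    has_public_ip = any(
        ac.get("natIP")
        for nic in instance.get("networkInterfaces", [])
        for ac in nic.get("accessConfigs", [])
    )
    if not has_public_ip:
        findings.append("no public IP on any network interface")
    granted = {
        scope
        for sa in instance.get("serviceAccounts", [])
        for scope in sa.get("scopes", [])
    }
    # Literal comparison: a broader scope is not treated as a substitute.
    for scope in sorted(REQUIRED_SCOPES - granted):
        findings.append("missing scope: " + scope)
    for scope in sorted(granted - REQUIRED_SCOPES):
        findings.append("scope not among the three listed: " + scope)
    return findings


# Constructed sample, trimmed to the fields inspected above.
SAMPLE = json.loads("""
{
  "name": "discriminat",
  "canIpForward": false,
  "networkInterfaces": [{"accessConfigs": [{"natIP": "203.0.113.10"}]}],
  "serviceAccounts": [{"scopes": [
    "https://www.googleapis.com/auth/compute.readonly",
    "https://www.googleapis.com/auth/logging.write"]}]
}
""")

if __name__ == "__main__":
    for finding in check_instance(SAMPLE):
        print("FAIL:", finding)
```
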

When deploying the instance(s), you may configure the availability (through a Managed Instance Group), routing and tagging as per your desired architecture. For example, the route to the Internet will be for destination 0.0.0.0/0 for instances without a public IP and should pass through the discrimiNAT instance — whether by tagging or by internal load-balancing.

For monitoring the logs and configuring the FQDN-based firewall egress rules, follow the Quick Start guide from Key Information onwards.

TERRAFORM EXAMPLE

Lookup

provider "google" {}

data "google_compute_image" "discriminat" {
  name    = "discriminat-2-0-3"
  project = "chasersystems-public"
}

output "discriminat_image_self_link" {
  value = data.google_compute_image.discriminat.self_link
}

Deploy

This example deployment code is to be considered a starting point for your own architecture and requirements.

provider "google" {}

data "google_compute_image" "discriminat" {
  name    = "discriminat-2-0-3"
  project = "chasersystems-public"
}

resource "google_compute_instance" "discriminat" {
  name         = "discriminat"
  machine_type = "e2-small"

  can_ip_forward = true

  boot_disk {
    initialize_params {
      type  = "pd-ssd"
      image = data.google_compute_image.discriminat.self_link
    }
  }

  network_interface {
    network = "default"
    access_config {}
  }

  service_account {
    scopes = ["compute-ro", "logging-write", "monitoring-write"]
  }
}

gcloud CLI EXAMPLE

Lookup

gcloud compute images describe   \
  --format="value(selfLink)"     \
  --project chasersystems-public \
  discriminat-2-0-3