Cloud NAT: "Creating a router with multiple features is currently unsupported."


Bruce

May 13, 2019, 11:00:09 PM
to Google Cloud Developers

I'm trying to use Deployment Manager to configure a Cloud NAT instance, but I'm getting an error message that isn't telling me much:

    "Creating a router with multiple features is currently unsupported."

Can someone please explain what "multiple features" refers to in this case?

Here are my deployment manager files. nat.jinja:

resources:

-
 type: compute.v1.address
 name: nat-static-ip-{{ properties['compute.region'] }}
 properties:
   region: {{ properties['compute.region'] }}
   description: NAT router static IP

-
 name: nat-router-{{ properties['compute.region'] }}
 type: compute.v1.router
 properties:
   description: "NAT router for egress from private Kubernetes clusters"
   network: projects/{{ properties['core.project'] }}/global/networks/default
   region: {{ properties['compute.region'] }}
   bgp:
     asn: {{ properties['asn'] }}
   nats:
     -
       name: nat-{{ properties['compute.region'] }}
       sourceSubnetworkIpRangesToNat: ALL_SUBNETWORKS_ALL_IP_RANGES
       natIpAllocateOption: MANUAL_ONLY
       natIPs:
         - $(ref.nat-static-ip-{{ properties['compute.region'] }}.selfLink)


nat.jinja.schema:


info:
 title: NAT router for egress from private Kubernetes clusters

imports:
 - path: nat.jinja

properties:
 core.project:
   type: string
   description: gcloud config get-value core/project
 compute.region:
   type: string
   description: gcloud config get-value compute/region
   default: us-west1
 asn:
   type: integer
   description: "You can use any private ASN (64512 - 65534, 4200000000 - 4294967294) that you are not using elsewhere in your network"
   default: 64512


Thanks,
Bruce

Germán (Google Cloud Support)

May 16, 2019, 4:39:09 PM
to Google Cloud Developers
Hello Bruce,

To address your concern, while the error does not specify where the error is, try removing the following part from your configuration:

    bgp:
      asn: {{ properties['asn'] }}

This is because, when configuring a Cloud Router for Cloud NAT, you don't need to specify a Google-side ASN (autonomous system number). Do keep in mind that you may use gcloud [1] or the Compute Engine API to create your Cloud NAT configuration.

Bruce

May 20, 2019, 1:06:21 PM
to Google Cloud Developers
Thanks Germán,

My hope was that I could specify my entire network as a single declarative configuration. I assumed that's what
Deployment Manager was designed to enable, but I'm finding it rough going. Do people build their infrastructure
using the REST API, in your experience? It seems like there should be a declarative, idempotent layer implemented
on top of that API somewhere, but I'm not seeing it.

Thanks again,
- Bruce

Germán (Google Cloud Support)

Jun 6, 2019, 2:34:40 PM
to Google Cloud Developers

Hello Bruce,


Deployment Manager is meant to perform repeatable deployments by specifying all the resources needed for your application using YAML files.


While I can't respond to how other platform users choose to deploy, using the REST API is the way to go. All our Cloud APIs are well documented at [1] for your reference.


[1] https://cloud.google.com/apis/docs/overview