From 9593c2ddd504388c7b5d77046a66f1958078a67f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Martins?= <andre@cilium.io>
Date: Wed, 15 Apr 2026 11:05:50 +0200
Subject: [PATCH] main.tf: add missing NAT that prevented connectivity to
 outside
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The VM requires connectivity to the outside, thus we need to add
this NAT in order for it to work.

Signed-off-by: André Martins <andre@cilium.io>
---
 install/main.tf | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/install/main.tf b/install/main.tf
index b2250f8..f54a967 100644
--- a/install/main.tf
+++ b/install/main.tf
@@ -153,6 +153,24 @@ resource "google_compute_health_check" "http_health_check" {
   }
 }
 
+# Cloud Router for NAT gateway
+resource "google_compute_router" "router" {
+  name    = "nat-router"
+  project = var.project_id
+  region  = var.region
+  network = "default"
+}
+
+# Cloud NAT to allow instances without public IPs to access the internet
+resource "google_compute_router_nat" "nat" {
+  name                               = "nat-gateway"
+  project                            = var.project_id
+  router                             = google_compute_router.router.name
+  region                             = var.region
+  nat_ip_allocate_option             = "AUTO_ONLY"
+  source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
+}
+
 # Reserve a global static IP for the load balancer
 resource "google_compute_global_address" "lb_ip" {
   name = "lb-ip"