Merge pull request #40 from sparkfabrik/fix/endpoint_independent_mapping

refs #000: fix enable endpoint independent mapping
sparkfabrik · Oct 25, 2022 · ff0c645 · ff0c645
2 parents 3fc88d0 + 68f0cb7
commit ff0c645
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 9 deletions.
diff --git a/main.tf b/main.tf
@@ -137,15 +137,20 @@ resource "random_id" "cloudnat_suffix" {
 }
 
 module "cloud_nat" {
-  source           = "terraform-google-modules/cloud-nat/google"
-  version          = "~> 2.2.0"
-  project_id       = var.project_id
-  region           = var.region
-  router           = format("%s-router", var.project_id)
-  name             = "${var.project_id}-cloud-nat-${random_id.cloudnat_suffix.hex}"
-  network          = google_compute_network.gitlab.self_link
-  create_router    = true
-  min_ports_per_vm = "2048"
+  source        = "terraform-google-modules/cloud-nat/google"
+  version       = "~> 2.2.0"
+  project_id    = var.project_id
+  region        = var.region
+  router        = format("%s-router", var.project_id)
+  name          = "${var.project_id}-cloud-nat-${random_id.cloudnat_suffix.hex}"
+  network       = google_compute_network.gitlab.self_link
+  create_router = true
+  # We force the endpoint independent mapping to false as described in this issue:
+  # https://github.com/hashicorp/terraform-provider-google/issues/10609
+  enable_endpoint_independent_mapping = false
+  min_ports_per_vm                    = var.cloud_nat_min_ports_per_vm
+  log_config_enable                   = var.cloud_nat_log_config_enable
+  log_config_filter                   = var.cloud_nat_log_config_filter
 }
 
 resource "google_compute_firewall" "admission_webhook" {

diff --git a/variables.tf b/variables.tf
@@ -577,3 +577,21 @@ variable "gitlab_gitaly_max_unavailable" {
   description = "For PodDisruptionBudget, how many pods can be unavailable at one time for Gitaly StatefulSet"
   default     = 0
 }
+
+variable "cloud_nat_min_ports_per_vm" {
+  type        = string
+  description = "Minimum number of ports allocated to a VM from this NAT config."
+  default     = "64"
+}
+
+variable "cloud_nat_log_config_enable" {
+  type        = bool
+  description = "Indicates whether or not to export logs."
+  default     = false
+}
+
+variable "cloud_nat_log_config_filter" {
+  type        = string
+  description = "Specifies the desired filtering of logs on this NAT. Valid values are: 'ERRORS_ONLY', 'TRANSLATIONS_ONLY', 'ALL'."
+  default     = "ALL"
+}