feat(removes nat_ip_allocate_option)!: add dynamic port mapping #73
Conversation
nikhilmakhijani
force-pushed
the
fix/dynamic_port
branch
from
51a3fea
to
9e2b99d
Compare
nikhilmakhijani
force-pushed
the
fix/dynamic_port
branch
from
9e2b99d
to
902036f
Compare
|
This PR is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days |
|
Please review @bharathkkb |
| @@ -57,6 +55,7 @@ resource "google_compute_router_nat" "main" { | |||
| tcp_established_idle_timeout_sec = var.tcp_established_idle_timeout_sec | |||
| tcp_transitory_idle_timeout_sec = var.tcp_transitory_idle_timeout_sec | |||
| enable_endpoint_independent_mapping = var.enable_endpoint_independent_mapping | |||
| enable_dynamic_port_allocation = var.enable_dynamic_port_allocation | |||
There was a problem hiding this comment.
This could be conditional, since the previous variable should be false if this one is true.
variables.tf
Outdated
| variable "enable_endpoint_independent_mapping" { | ||
| type = bool | ||
| description = "Specifies if endpoint independent mapping is enabled." | ||
| default = null | ||
| default = true |
There was a problem hiding this comment.
Any reason for changing this default?
There was a problem hiding this comment.
It is enabled by default as per the terraform documentation so I made it true here.
There was a problem hiding this comment.
This is not enabled by default in Google Cloud, see https://cloud.google.com/nat/docs/overview#specs-rfcs
By default, Endpoint-Independent Mapping is disabled when you create a NAT gateway.
The terraform documentation should probably be updated to match GCP and this set to false as default.
There was a problem hiding this comment.
@jcalero I took a peek at the provider and it seems like they actually default to true. It might be worth opening an issue there to point out this difference. @nikhilmakhijani Could we keep this a null for now so we can follow the provider default?
There was a problem hiding this comment.
Yes, I have updated it to null for now. Can we check whether it should be enabled or disabled as per best practice then update it accordingly?
There was a problem hiding this comment.
It's worth noting that Endpoint-Independent Mapping (EIM) will be disabled by default in future Terraform provider versions in order to be in sync with the Google default setting:
hashicorp/terraform-provider-google#10609
Speaking personally, I would definitely say the best practice for 99% of all deployments is to disable EIM but do enable Dynamic Port Allocation (DPA) as this will manage port allocations more efficiently and decrease the chance of Cloud NAT drops.
At a bare minimum, it should be an option to leverage DPA as the feature has been out over a year and I've yet to see any downside to using it.
There was a problem hiding this comment.
I believe when it is set to null it still ends up where is EIM is enabled. This is why I've opened a separate PR to set the value to false #113
nikhilmakhijani
force-pushed
the
fix/dynamic_port
branch
from
ac9980c
to
cecfe18
Compare
nikhilmakhijani
force-pushed
the
fix/dynamic_port
branch
from
cecfe18
to
9707cd2
Compare
|
@nikhilmakhijani |
|
This PR is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days |
|
/gcbrun |
|
Thanks for the contribution @nikhilmakhijani! I've triggered the CI, in the meantime can all the remaining comment threads be closed? |
|
Hi @nikhilmakhijani, relevant output from the INT cI: |
|
/gcbrun |
|
/gcbrun |
|
@apeabody any updates on this one? Would be great to be able to add dynamic port mapping to the module. |
|
/gcbrun |
Hi @sclausson - I've retriggered the CI, but I suspect this is still relevant #73 (comment) |
|
/gcbrun |
Hi @apeabody I have updated the test case. Could you please check again? |
|
/gcbrun |
|
Hi @nikhilmakhijani here is the current INT output: |
|
/gcbrun |
apeabody
changed the title
|
/gcbrun |
apeabody
changed the title
This MR includes the following changes: