Is it possible to run GitLab as https/ssh through OS-Login IAP tunnels?
Using TCP forwarding makes the DNS protocol useless since it uses UDP (not TCP).
Also, as John Hanley mentioned, this will break all SSL certificates.
Note: I have not tested this with GitLab and this will break items such as SSL certificates. I think the better approach is to have a public IP address and then configure VPC Firewall Rules to only allow your IP addresses to access the server OR set up a VPN such as OpenVPN or WireGuard.
Additionally, keep in mind the limitations when using TCP Forwarding:
Bandwidth: IAP's TCP forwarding feature isn't intended for bulk transfer of data. IAP reserves the right to rate-limit users abusing this service.
Connection length: IAP automatically disconnects sessions after 1 hour of inactivity. We recommend having logic in your applications to handle reestablishing a tunnel when it becomes disconnected.
The latter shouldn't be an issue since I don't think anyone would keep the tunnel inactive for so long while working.
I'd take John's advice about using a VPN instead of TCP forwarding into consideration. This will allow you to run any software protocol without issues and bandwidth rate limiting.
You can also restrict access to the VM using GCP Firewall rules.
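The quoted limitation recommends logic to re-establish a tunnel when it is disconnected. The wrapper below is an added example, not part of the answer above or of any Google tooling: it restarts `gcloud compute start-iap-tunnel` after a healthy session ends and gives up after repeated immediate failures. The instance name, zone, ports and thresholds are assumed placeholder values.

```bash
#!/bin/sh
# Added example: keep an IAP TCP-forwarding tunnel to the GitLab VM up.
# INSTANCE and ZONE are assumed placeholders; run as: ./iap-tunnel.sh start
INSTANCE="${INSTANCE:-gitlab-vm}"
ZONE="${ZONE:-us-central1-a}"
REMOTE_PORT="${REMOTE_PORT:-22}"     # 22 for git over SSH, 443 for HTTPS
LOCAL_PORT="${LOCAL_PORT:-2222}"
MAX_RETRIES="${MAX_RETRIES:-5}"      # consecutive quick failures before giving up
MAX_DELAY="${MAX_DELAY:-60}"         # backoff ceiling, seconds
STABLE_SECS="${STABLE_SECS:-30}"     # a session this long counts as healthy

# One tunnel session; blocks until gcloud exits (idle timeout, network drop,
# expired credentials, IAM denial).
open_tunnel() {
  gcloud compute start-iap-tunnel "$INSTANCE" "$REMOTE_PORT" \
    --local-host-port="localhost:${LOCAL_PORT}" --zone="$ZONE"
}

# Seconds to wait after the Nth consecutive failure: 2, 4, 8, ... capped.
backoff_delay() {
  d=$(( 1 << $1 ))
  if [ "$d" -gt "$MAX_DELAY" ]; then d=$MAX_DELAY; fi
  echo "$d"
}

# Reconnect after a healthy session ends; back off and finally stop when the
# tunnel keeps failing at once, so a revoked IAM binding is not retried forever.
keep_tunnel() {
  failures=0
  while [ "$failures" -lt "$MAX_RETRIES" ]; do
    started=$(date +%s)
    open_tunnel || true
    elapsed=$(( $(date +%s) - started ))
    if [ "$elapsed" -ge "$STABLE_SECS" ]; then
      failures=0                     # working session that dropped: reconnect now
      continue
    fi
    failures=$(( failures + 1 ))
    if [ "$failures" -lt "$MAX_RETRIES" ]; then
      sleep "$(backoff_delay "$failures")"
    fi
  done
  echo "IAP tunnel to $INSTANCE failed $failures times in a row; giving up" >&2
  return 1
}

if [ "${1:-}" = "start" ]; then keep_tunnel; fi
```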