-
Solved: Error 403: The caller does not have permission
Recently I got a very confusing error when setting up a PubSub subscription to write to a Big Query table via terraform. Here’s the partial terraform code snippet: And the input variable subscriptions looks like: It doesn’t show any error when doing terraform plan however it gives 403 error when applying. After some googling I…
-
How to Avoid Rebuild Resources with Terraform/Terragrunt
I use Terraform and Terragrunt a lot at work to keep track of infrastructure changes. Sometimes I refactored code in modules so there’s no change to infrastructure but since the module changed terraform will insist to rebuild affected resources. It’s not quite comfortable to destroy some resources and then just create exactly the same ones.…
-
How to Use the Sidecar Resource to Optimise Memory Footprint of Istio Sidecar
In a populous GKE cluster, I saw the memory utilisation getting very high. After some investigation, to my surprise, a great deal of memory was consumed by tiny Istio sidecars. And they are getting bloated round the clock. The Istio sidecar essentially is an envoy proxy configured by Istio controller – istiod. It’s usually light-weight,…
-
Terraform: String Manipulation for Default Domains
Imaging when I needed to grant access to a Google storage bucket for a list of Google service accounts, I put the list in YAML like this: Assuming horizon is the default GCP project and mass-effect is a partner project and most GSAs are of course from the default project. So can this list be…
-
How to Replace Characters in MongoDB
TL; DR: As of MongoDB 6.0, this is how I learned to replace some characters in a field in all documents. In the example below all “.” characters in field_name will be replaced by “_” character: The backstory is when using MongoDB with MongoEngine, there’s an issue when a key in a dictionary field contains…
-
Sample Terraform Code to Manage Temporary Access to GCP
TL; DR: This is a way to grant a temporary access to some GCP resources using Terraform’s time_static and google_project_iam_member resources. 🙂
-
Solved: Uninstallation of config-connector Got Stuck in ArgoCD
The Kubernetes Config Connector is another level of IaC(Infrastructure as Code): It wraps Google Cloud resources like a Cloud Load Balancer with Kubernetes CRDs(Custom Resource Definition) so instead of writing Terraform HCL I can write YAML to manage GCP infrastructure. However when there’s a need to uninstall a config-connector, it got stuck in ArgoCD As…
-
Django DB Migration Job with ArgoCD
A Job in Kubernetes is a one-off and immutable task to be carried out during deployment. But what if a job needs to run for each deployment? A new job with the same name can’t be deployed on top of the existing one, given it in completed or failed state. Since Kubernetes 1.23, A TTL(Time…