-
A GKE Issue: Metadata Service Is Unreachable In Nodes
Recently I encountered some errors in a GKE cluster where a lot of pods were stuck at crash loop backoff state, which means the pods couldn’t recover on their own. When taking a closer look, I saw errors like: It’s a DNS issue then. However when I created a pod and ran some DNS tests…
-
ArgoCD, Jsonnet and Tanka in 2024
A few years ago, I got to know Jsonnet and I loved it at first sight. I used a nice little tool called tanka to manage my Jsonnet manifests and I got them working together with ArgoCD, and finally I re-deployed my blog using this combo. Everything worked like a charm, until… Recently I upgraded…
-
How to Enable Compression in Istio Ingress Gateway
TL; DR: here’s a code snippet to turn on gzip compression for Istio’s ingress gateway, using Envoy filter. Tested with Istio 1.16 and Kubernetes 1.26. To test it with curl: 🙂
-
How to Mount an Existing Google Persistent Disk to a Pod in GKE
TL; DR: Below are steps to mount an existing Google Persistent Disk to a pod in a GKE cluster in the same region. Most of the time I’d prefer to run stateless pods in Kubernetes clusters – they come, they go, as if nothing happened. When there are things to be persisted, a Persistent Volume…
-
How to Run Tableau Server in GKE(Google Kubernetes Engine)
TL; DR: here are my notes to host a fully working Tableau Server in a GKE cluster. It’s not fully Kubernetes native but still I think it’s better than running as a VM. This is correct as of Dec 2023. The Docker Container Image There doesn’t seem to be an official Docker image for Tableau…
-
Github Hosted Runners and Their Access to GCP VPC
TL; DR: Given the plentiful free time on Github hosted runners, I’m tempted to use them instead of running self-hosted ones in my GCP environment. Here are some options to grant network access to my GCP VPC. Prerequisites: Google Workload Identity Federation for Github Runners Option #1, grab the public IP of the runner on-the-fly…
-
How to Setup Google Workload Identity Federation for Github Actions Runners
When using GHA (Github Actions) for CI/CD purposes, the Github-hosted runners are free unless you use them quite a lot. But if I want to use GHA to build a docker container image and save it to my private repository in Google Artifact Registry, I have to grant the permission to some VMs I don’t even…
-
Solved: Atlantis Couldn’t Track Google Service Account Keys in State File
Atlantis is a great tool to do Terraform infrastructure-as-code and gitops together. I got it set up and running all right, but when I let it manage some service account keys (I know, not the best option, but in my situation I had to use it), it kept trying to re-create the key even if it exists. Turns…