-
Github Hosted Runners and Their Access to GCP VPC
TL; DR: Given the plentiful free time on Github hosted runners, I’m tempted to use them instead of running self-hosted ones in my GCP environment. Here are some options to grant network access to my GCP VPC. Prerequisites: Google Workload Identity Federation for Github Runners. Option #1, grab the public IP of the runner on-the-fly…
-
How to Setup Google Workload Identity Federation for Github Actions Runners
When using GHA (Github Actions) for CI/CD purposes, the Github-hosted runners are free unless you use them quite a lot. But if I want to use GHA to build a Docker container image and save it to my private repository in Google Artifact Registry, I have to grant the permission to some VMs I don’t even…
-
Solved: Atlantis Couldn’t Track Google Service Account Keys in State File
Atlantis is a great tool to do Terraform infrastructure-as-code and gitops together. I got it set up and running alright, but when I let it manage some service account keys (I know, not the best option, but in my situation I had to use it), it kept trying to re-create them even if the key exists. Turns…
-
Solved: Error 403: The caller does not have permission
Recently I got a very confusing error when setting up a PubSub subscription to write to a BigQuery table via Terraform. Here’s the partial Terraform code snippet: And the input variable subscriptions looks like: It doesn’t show any error when doing terraform plan, however it gives a 403 error when applying. After some googling I…
-
How to Avoid Rebuild Resources with Terraform/Terragrunt
I use Terraform and Terragrunt a lot at work to keep track of infrastructure changes. Sometimes I refactor code in modules, so there’s no change to infrastructure, but since the module changed Terraform will insist on rebuilding affected resources. It’s not quite comfortable to destroy some resources and then just create exactly the same ones.…
-
How to Use the Sidecar Resource to Optimise Memory Footprint of Istio Sidecar
In a populous GKE cluster, I saw the memory utilisation getting very high. After some investigation, to my surprise, a great deal of memory was consumed by tiny Istio sidecars. And they are getting bloated round the clock. The Istio sidecar is essentially an Envoy proxy configured by the Istio controller – istiod. It’s usually light-weight,…
-
Solved: Couldn’t Pick Correct Python Version in VS Code in Fedora Linux
TL; DR: VS Code was installed via flatpak. I purged it and re-installed it the normal way, then the problem went away 🙂
-
An Admin-Only Python Decorator for Telegram Bots
TL; DR: Here’s a Python Decorator I wrote for Telegram Bots so certain commands can only be used by group admins.