Required ‘compute.networks.create’ permission Google/Terraform Cloud

Problem

You want to create a GKE cluster in Google using Terraform Cloud and the instructions provided https://registry.terraform.io/providers/hashicorp/google/4.3.0/docs/guides/getting_started#using-terraform-cloud-as-the-backend

You are creating a service account in Google Service Accounts and you have set up the environment variable GOOGLE_CREDENTIALS (after removing the new lines from the json file with tr -d '\n' < original_google_file.json > no_newlines_google_file.json.

But when trying to create the GKE cluster you get the following error in Terraform

Required 'compute.networks.create' permission

Solution

The default permissions when creating the Service Account are not enough.

Add the Editor role to your service account, by going to IAM, Permissions for Project, as it does not seem possible to add this permission by editing the Service Account.

Kubectl using -l a=something -l b=other or -l a=something,b=other

When you have two pods with different labels, let’s say one with two labels a=something and b=other, and the second one with label b=other, when you use kubectl to get them there is a difference in the way that the -l selector is used.

So using kubectl -n namespace get pods -l a=something -l b=other it will give you back both pods as it works as an OR operator.

If you wanted to get only the first one that has both labels, but not the second, you would need to use it as in kubectl -n namespace get pods -l a=something,b=other.

In other words the comma separator acts as a logical AND operator in selecting the labels.

Flushing dns caching in linux

Problem

You want to update your dns resolution locally after some change in DNS.

You want to do this because your local dns cache still holds the old information about the domain. For example using your local dns and the google one returns two different results

host changed_domain.com
returns the old ip

host changed_domain.com 8.8.8.8
returns the new ip.

Solution

Check your systemd-resolved is active:

sudo systemctl is-active systemd-resolved
active

Get some statistics:

sudo systemd-resolve --statistics

Transactions
Current Transactions: 0
  Total Transactions: 38818

Cache
  Current Cache Size: 73
          Cache Hits: 21120
        Cache Misses: 19745

DNSSEC Verdicts
              Secure: 0
            Insecure: 0
               Bogus: 0
       Indeterminate: 0

Flush the cache (make the Current Cache Size above 0)

sudo systemd-resolve --flush-caches

Check the cache again (should be 0 now):

sudo systemd-resolve --statistics

ransactions
Current Transactions: 0
  Total Transactions: 38818

Cache
  Current Cache Size: 0
          Cache Hits: 21120
        Cache Misses: 19745

DNSSEC Verdicts
              Secure: 0
            Insecure: 0
               Bogus: 0
       Indeterminate: 0

Information taken from https://www.techrepublic.com/article/how-to-flush-the-dns-cache-on-linux/