Lou Stack Base

Lou's knowledge base for software engineering, DevOps, and topics I'm exploring.

Terraform Module Design, Remote State, and Ansible Fundamentals

This post covers two topics: Terraform module design with GCS remote state, and Ansible’s core structure with idempotency verification. The two are complementary — Terraform provisions infrastructure, Ansible configures servers internally.

Factoring Reusable Infrastructure Units

Avoiding Copy-Paste Across Environments

Without modules, the same VPC logic is written separately for dev and prod in Terraform. Change one, forget the other, and problems arise. Modules work like functions: define once, use with different parameters.

Networking Fundamentals: DNS, HTTP/HTTPS, Load Balancer, and Proxy

Networking is the foundation of system design. This post starts from actual commands to understand DNS lookup, HTTP/HTTPS, TLS, Load Balancer, and Proxy concepts — skills you use in every deployment.

DNS

Domain Lookup from the Command Line

dig google.com
dig +short example.com
dig +short example.com CNAME

dig is a DNS query tool. +short shows only the result, omitting noise.

Kubernetes Failure Modeling: Memory Kills, Health Checks, Configuration Objects, and Logical Partitions

DevOps learning notes.

Following the previous two posts (K8s core architecture, Service/HPA/Debug), this one digs into actual behavior under K8s failure scenarios, plus how to use ConfigMap, Secret, and Namespace. The goal is being able to predict and diagnose problems — not just apply YAML.

Environment: k3s v1.34 single-node cluster + go-api (Go HTTP server, scratch image)

Memory Exhaustion: When the OS Terminates Your Workload

How It Happens

Container memory usage exceeds the ceiling set by limits.memory, and the Linux kernel’s OOM killer terminates the process directly.

Cloud Run Runtime Contract: Environment Variable Injection, Secret-Gated Auth Bypass, and Auto-Deploy Pipeline

This post records how I defined a runtime contract for running a FastAPI service on Cloud Run, how I designed auth bypass for the dev environment, and how I built the auto-deploy pipeline for each deployment.

Unlike my earlier post about WIF branch boundaries and dev/prod isolation, this one focuses on the “contract” between the app layer and the infra layer — what Terraform injects, what the app code consumes, and where to draw the boundary.

First Production Custom Domain Cutover on Cloud Run: Domain Mapping, Search Console, and Certificate Wait-Window Pitfalls

This post records several real pitfalls I hit when moving a Cloud Run custom domain from an existing environment to the first formal prod service.

On the surface it looks like nothing more than pointing api.example.com at the new Cloud Run service, but what usually blocks you is not Terraform syntax. The real blockers are:

  • domain ownership
  • IAM identity
  • certificate provisioning
  • first deploy sequencing

If these are not thought through before execution, a first-time prod enablement can easily stall at the last step.