terraform-provider-kubernetes icon indicating copy to clipboard operation
terraform-provider-kubernetes copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

All resources show diffs on `metadata.annotations` and `metadata.labels`

Open alexsomesan opened this issue 4 years ago • 11 comments

Terraform Version, Provider Version and Kubernetes Version

Terraform version: v1.0.6
Kubernetes provider version: 2.5.0
Kubernetes version: 1.22.1

Affected Resource(s)

Seemingly all

Terraform Configuration Files

resource "kubernetes_namespace" "example" {
  metadata {
    name = "terraform-example-namespace"
  }
}

Debug Output

Panic Output

Steps to Reproduce

  1. terraform apply
  2. terraform plan

Expected Behavior

What should have happened?

Actual Behavior

kubernetes_namespace.example: Refreshing state... [id=terraform-example-namespace]

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the last "terraform apply":

  # kubernetes_namespace.example has been changed
  ~ resource "kubernetes_namespace" "example" {
        id = "terraform-example-namespace"

      ~ metadata {
          + annotations      = {}
          + labels           = {}
            name             = "terraform-example-namespace"
            # (3 unchanged attributes hidden)
        }
    }

Important Factoids

References

Previously reported specifically for namespaces. https://github.com/hashicorp/terraform-provider-kubernetes/issues/1394

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

alexsomesan avatar Sep 15 '21 14:09 alexsomesan

This seems to be a problem with all recent versions of the kubernetes provider (tested using 2.3.2, 2.4.0, and 2.4.1) which support the new experimental kubernetes_manifest resource.

Our cluster applies a metadata.annotation to the PrometheusRules object and this provider causes the state file to attempt to track that change and incorrectly remove it even though the documentation (and 2.5.0 release notes) says that by default metadata.labels and metadata.annotations are computed values and should not tracked by state.

To work around this, we are using the kubernetes-alpha provider (constrained to version 0.4.1), but that project is deprecated and suggests using the kubernetes provider instead.

Lexmark-jrichey avatar Oct 12 '21 14:10 Lexmark-jrichey

We are running into the same issue, and it's a major blocker at this time. It would be greatly appreciated if you could please prioritize this issue, or at least provide a workaround for it (other than using kuberetes-alpha)

thanks a lot,

maneamarius avatar Oct 12 '21 15:10 maneamarius

hey guys, just wondering if there's any updates on this? thanks a lot!

maneamarius avatar Nov 03 '21 10:11 maneamarius

This issue appears to be fixed using the latest kubernetes provider version (registry.terraform.io/hashicorp/kubernetes version 2.7.1) and can be answered/closed.

Lexmark-jrichey avatar Dec 10 '21 15:12 Lexmark-jrichey

This issue appears to be fixed using the latest kubernetes provider version (registry.terraform.io/hashicorp/kubernetes version 2.7.1) and can be answered/closed.

Using 2.8.0, I still experience the problem. The pain for my team is we validate our Terraform modules with plan->apply->replan tests, and the re-plan always fails due to this "drift" of empty annotation blocks.

f35f0ef9d0e827dae86552d3899f78fc avatar Mar 03 '22 21:03 f35f0ef9d0e827dae86552d3899f78fc

happens to me on 2.9.0

resource "kubernetes_namespace" "mynamespace" {
  metadata {
    name        = "mynamespace"
    annotations = {}
    labels      = {}
  }
}

after terraform plan:

 # kubernetes_namespace.mynamespace has changed
  ~ resource "kubernetes_namespace" "mynamespace" {
        id = "mynamespace"

      ~ metadata {
          + annotations      = {}
          + labels           = {}
            name             = "mynamespace"
            # (3 unchanged attributes hidden)
        }
    }

I think its not solved yet. Not on 2.9.0 at least.

Temporarily adding one annotation or label helped (no changes are detected anymore).

maciejtulaza avatar Mar 26 '22 14:03 maciejtulaza

Marking this issue as stale due to inactivity. If this issue receives no comments in the next 30 days it will automatically be closed. If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. This helps our maintainers find and focus on the active issues. Maintainers may also remove the stale label at their discretion. Thank you!

github-actions[bot] avatar Mar 27 '23 00:03 github-actions[bot]

Please keep this issue fresh. Tx!

mindw avatar Apr 11 '23 10:04 mindw

This remains an issue with v2.26.0.

clintonb avatar Apr 09 '24 20:04 clintonb

And it's still happening with 2.30. It's however not just metadata.annotations and labels but a plenty more:

  • config_map_ref.optional = false -> null
  • resources.limits.cpu = "1" -> "1000m"
  • node_selector = {} -> null.

It's basically making the terraform plan close to useless, as you have to have knowledge to verify actual changes.

mark-heyworld avatar Jun 07 '24 12:06 mark-heyworld