Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Importing resources can cause the plan to show annotation and label changes #2553

Open
ohemelaar opened this issue Jul 18, 2024 · 1 comment
Open

Importing resources can cause the plan to show annotation and label changes #2553

ohemelaar opened this issue Jul 18, 2024 · 1 comment
Assignees
@jrhouston
Labels
bug

Comments

@ohemelaar
Copy link

Terraform Version, Provider Version and Kubernetes Version

Terraform version: v1.9.2
Kubernetes provider version: v2.31.0
Kubernetes version: v1.30.0

Affected Resource(s)

Noticed it with these resources, but there's probably more affected as it's in the metadata block :

  • kubernetes_secret
  • kubernetes_namespace
  • kubernetes_namespace_v1

Terraform Configuration Files

resource "kubernetes_namespace_v1" "example" {
  metadata {
    name = "example"
    labels = {
      "pod-security.kubernetes.io/enforce" = "baseline"
    }
  }
}

Debug Output

Import output

Plan ouput

Panic Output

Steps to Reproduce

  1. Create a namespace with a annotation, for example kubectl apply ns.yaml
  2. Import the namespace in terraform, terraform import kubernetes_namespace_v1.example example
  3. Run a plan, terraform plan
# ns.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: example
  labels:
    pod-security.kubernetes.io/enforce: baseline

Expected Behavior

The plan shouldn't show any annotation changes, because the resource in kubernetes has the annotation and it's the same as in the HCL file.

Actual Behavior

Terraform plans to add the annotation which already exists.

This is a pain to sort out in large refactors because we need to manually verify if it plans to change the annotations or if it will keep it the same.

Important Factoids

References

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment
@ohemelaar ohemelaar added the bug label Jul 18, 2024
@BBBmau BBBmau assigned jrhouston and unassigned alexsomesan Jul 22, 2024
@ohemelaar
Copy link
Author

By the way I just noticed I mixed up annotations and labels in my example, but I've seen this happen with both. It's just that for a "real" use case setting up a namespace with this label was the easiest I could think of. An example with annotations would be a ServiceAccount and a Secret for that ServiceAccount having the kubernetes.io/service-account.name annotation.

@ohemelaar ohemelaar changed the title Importing resources can cause the plan to show annotation changes Importing resources can cause the plan to show annotation and label changes Jul 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jrhouston jrhouston

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@alexsomesan @jrhouston @ohemelaar