Terraform-provider-kubernetes: Need mechanism for mutating annotations & labels on system namespaces
A basic use case is needing to annotation the kube-system namespace for KIAM.
terraform import doesn't work for well documented reasons around non-variable references (i.e., module output variables and locals) in modules.
From an aborted PR attempt (https://github.com/terraform-providers/terraform-provider-kubernetes/pull/236), some ideas are:
- Take inspiration from the AWS plugin around
aws_default_vpc,aws_default_subnet, etc. and create akubernetes_system_namespaceresource that takes control of the existing resource. - Create a
kubernetes_namespace_metadataresource that just manages the metadata for an existing namespace. - Create more specific metadata resources like
kubernetes_namespace_metadata_annotationsandkubernetes_namespace_metadata_labels
chris-codaio
All 9 comments
- @pdecat @alexsomesan
chris-codaio
on 30 Nov 2018
@chrisleck Anything ever come from this? Trying to implement istio labels on the default namespace and I'm not able to use it with the kubernetes_namespace resource.
Aaron-ML
on 3 Sep 2019
Hi,
I'd vote for generic kubernetes_metadata_annotations and kubernetes_metadata_labels resources to also address potential other use cases, if not too complex to implement.
Otherwise kubernetes_namespace_metadata_annotations
and kubernetes_namespace_metadata_labels to specifically address this PR's use case.
@Aaron-ML current work-around is to import the system namespaces, cf. https://github.com/terraform-providers/terraform-provider-kubernetes/pull/236#issuecomment-443143450 and https://github.com/terraform-providers/terraform-provider-kubernetes/pull/236#issuecomment-443264219
pdecat
on 10 Sep 2019
@pdecat That would work for me.
Regarding your work-around, you manually import the pre-existing namespaces on each run?
Aaron-ML
on 10 Sep 2019
I only import system namespaces on the first run, after cluster creation.
pdecat
on 11 Sep 2019
Also looking for a way to manipulate system namespaces, e.g. default.
Unfortunately importing the namespace to terraform is not a trivial task to automate with terraform, therefor having resources as suggested in the initial report would be a great addition.
I like the approach of following the aws solution like aws_default_vpc.
msvechla
on 16 Jan 2020
Aggregated attributes would improve the import process. Needs further investigation.
We should check the aws_default_vpc and other aws_default_* resources for an example of how to implement this. Thanks for the suggestion, @msvechla!
dak1n1
on 15 Apr 2020
This is finally making it into our work queue. We're tracking this issue in https://github.com/hashicorp/terraform-provider-kubernetes/issues/692. I'll close this one as a duplicate.
dak1n1
on 17 Mar 2021
I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!
![hashibot[bot] picture](https://avatars.githubusercontent.com/in/8332?v=4&s=40)
hashibot[bot]
on 17 Apr 2021
Related issues
landorg
·
3Comments
ZachGoldberg
·
3Comments
bdronneau
·
4Comments
bugb
·
4Comments
rehevkor5
·
3Comments
Most helpful comment
Hi,
I'd vote for generic
kubernetes_metadata_annotationsandkubernetes_metadata_labelsresources to also address potential other use cases, if not too complex to implement.Otherwise
kubernetes_namespace_metadata_annotationsand
kubernetes_namespace_metadata_labelsto specifically address this PR's use case.@Aaron-ML current work-around is to import the system namespaces, cf. https://github.com/terraform-providers/terraform-provider-kubernetes/pull/236#issuecomment-443143450 and https://github.com/terraform-providers/terraform-provider-kubernetes/pull/236#issuecomment-443264219