terraform-provider-kubernetes: Internal neg annotation on service is not ignored
Terraform Version
Terraform v0.11.13
provider.kubernetes v1.6.2
Affected Resource(s)
kubernetes_service
Terraform Configuration Files
resource "kubernetes_service" "example" {
  metadata {
    name = "example"
    labels {
      "name" = "example"
    }
    annotations {
      "cloud.google.com/neg" = "{\"ingress\": true}"
    }
  }
  spec {
    type = "NodePort"
    session_affinity = "None"
    port {
      port = 80
      target_port = 6000
      protocol = "TCP"
    }
    selector {
      "name" = "example"
    }
  }
}
Expected Behavior
After applying this resource and doing another plan without any changes the expected behavior is: “No changes. Infrastructure is up-to-date.”
Actual Behavior
~ kubernetes_service.example
metadata.0.annotations.%: "2" => "1"
metadata.0.annotations.cloud.google.com/neg-status: "{\"network_endpoint_groups\":{\"80\":\"k8s1-71f753e6-default-example-80-9b3d0709\"},\"zones\":[\"europe-west1-b\",\"europe-west1-c\",\"europe-west1-d\"]}" => "
Steps to Reproduce
Set up a service with the "cloud.google.com/neg" = "{\"ingress\": true}" annotation
Important Factoids
Running on GKE using https://cloud.google.com/load-balancing/docs/negs/
About this issue
- State: closed
- Created 5 years ago
- Reactions: 5
- Comments: 17 (5 by maintainers)
Although changing the neg-status annotation is non-destructive, it is very annoying that Terraform reports ‘updates’ for things that are internal.
Moreover in apps like ours where we have 10 or 12 of them from different modules, the volume of “diffs” caused by this is so large as to make a plan unreadable. This makes the process of debugging a plan very difficult because it is full of stuff that doesn’t represent the change that is being applied.
For that reason alone, imo, this should be addressed fairly soon.
For clarity, there are two issues from my perspective: 1) GKE creating a specific annotation by default kind of makes it an internal one, and it should be treated as such; 2) not having the ability to ignore specific annotations within the lifecycle model is a problem (which may be out of scope for this team, as I suspect that may have more to do with the internals of Terraform rather than the k8s module, but it’s worth noting).
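Added example, not from the issue thread or the provider's own documentation: on Terraform 0.12 or later (an assumption, since the report above is on v0.11.13), `ignore_changes` accepts a single map key, so the controller-written `cloud.google.com/neg-status` annotation can be left out of the diff while the annotation set in configuration stays tracked. The resource is the reporter's configuration rewritten in 0.12 syntax.

```hcl
# Assumes Terraform >= 0.12; the v0.11.13 setup in the report cannot express
# a per-key ignore like this.
resource "kubernetes_service" "example" {
  metadata {
    name = "example"
    labels = {
      name = "example"
    }
    annotations = {
      # Managed by this configuration; drift here should still show in a plan.
      "cloud.google.com/neg" = "{\"ingress\": true}"
    }
  }

  spec {
    type             = "NodePort"
    session_affinity = "None"

    port {
      port        = 80
      target_port = 6000
      protocol    = "TCP"
    }

    selector = {
      name = "example"
    }
  }

  lifecycle {
    ignore_changes = [
      # Narrow: ignore only the annotation GKE writes back onto the Service.
      metadata[0].annotations["cloud.google.com/neg-status"],

      # Too broad (left commented out): ignoring the whole map would also
      # hide out-of-band edits to "cloud.google.com/neg" and any other
      # annotation, so a reviewer would never see that drift in a plan.
      # metadata[0].annotations,
    ]
  }
}
```

Keeping the ignore list to the exact controller-owned key means a plan still surfaces any other annotation added or changed outside Terraform.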