k8s: add lifecycle ignore_changes for namespace metadata labels and annotations

[Copilot]

Overview

Fixes the issue where Terraform attempts to revert changes to namespace labels and annotations when they are modified by external tools like Rancher. This PR adds lifecycle ignore_changes rules to allow external customization of namespace metadata without Terraform drift detection.

Problem

When external management tools (e.g., Rancher, other controllers) modify labels or annotations on Kubernetes namespaces, Terraform detects these as configuration drift and attempts to realign the metadata to match the module's configuration. This prevents users from customizing namespaces through external tools and causes unnecessary apply cycles.

Solution

Added a lifecycle block to the kubernetes_namespace resource with ignore_changes for metadata labels and annotations:

resource "kubernetes_namespace" "ns" {
  metadata {
    name        = var.name
    labels      = merge(local.interpolated_tags, var.labels)
    annotations = var.annotations
  }

  lifecycle {
    ignore_changes = [
      metadata[0].labels,
      metadata[0].annotations,
    ]
  }
}

Changes

• namespace.tf: Added lifecycle block with ignore_changes for labels and annotations; added annotations support to metadata
• variables.tf: Added annotations variable for namespace annotations; fixed labels description (previously said "secret")
• README.md: Added behavior documentation explaining the lifecycle rules and how to update metadata through Terraform if needed

Benefits

✅ Non-breaking change: Existing users don't need to migrate Terraform state
✅ Allows external customization: Tools like Rancher can modify namespace metadata freely
✅ Maintains control: Users can still update labels/annotations via Terraform using terraform apply -replace when needed
✅ Bonus feature: Full annotations support added (previously only labels were supported)

Usage

After this change, users can allow external tools to modify namespace labels and annotations without Terraform reverting them. Initial values are still set by Terraform on namespace creation.

If you need to update labels or annotations through Terraform after creation:

1. Use terraform apply -replace="kubernetes_namespace.ns" to force recreation, or
2. Temporarily comment out the lifecycle block, apply changes, then uncomment it

Design Rationale

An alternative approach of making ignore_changes optional via a variable was considered, but would require using count for conditional resource creation. This would force all existing users to migrate their state with terraform state mv, making it a breaking change. The simpler approach of always ignoring changes aligns with the issue request and maintains backward compatibility.

Closes #[issue_number]

Original prompt

---

This section details on the original issue you should resolve

<issue_title>k8s: add a way to ignore changes in namespaces when metadata labels and annotations change</issue_title>
<issue_description>Is your feature request related to a problem? Please describe.

When labels or annotations changes du to an external factor (rancher for example), the terraform code is trying to realign theses labels/annotations. We should ignore it to let the user customize whatever they want

Describe the solution you'd like

Maybe we could add lifecycle hooks ignore ?

</issue_description>

Comments on the Issue (you are @copilot in this section)

Fixes #55

---

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.