No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

kubernetes:apps/v1:Deployment (default/chart):
    error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: Get "<https://d.hcp.westus2.azmk8s.io:443/openapi/v2?timeout=32s|https://***********.hcp.westus2.azmk8s.io:443/openapi/v2?timeout=32s>": x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "ca")

Again, this started after a kube cert rotation.  When I print the kubeconfig it is correct.

```kubeconfig = creds.kubeconfigs[0].value.apply(
    lambda enc: base64.b64decode(enc).decode())

k8s_provider = k8s.Provider(
    f'{stack_name}-k8s-provider',
    kubeconfig=kubeconfig
)```

```pulumi.export("kubeconfig", kubeconfig)```

kubeconfig matches what lens is using and lens works.

<@U026JBAHN5U> what’s in your state? `pulumi state export` - i bet the kubeconfig is still stored in state with the wrong cert

That is probably it! Do I export, update kubeconfig, import?

You can do a refresh of the urn. I’m on mobile so can’t share how to do that. Expert and update would work too