No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

hey, you can actually turn this off completely, but you then need to map IAM roles back to the cluster

you'll need to map an IAM role to a Kubernetes RBAC role with admin permissions, I think

it's been a while since I did this :smile:

Yeah, I remember the convergence between IAM and Kubernetes RBAC is confusing.

I mean technically a service account with roles/container.admin will let you use the GKE admin API _and_ let you retrieve the master API credentials using gcloud…

I’m guessing this technique is trying to sidestep that dance of retrieving the credentials?