No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Anyone orchestrating GKE with Pulumi? I am wondering if creating the GKE cluster with static credentials[1] is the only way to go about this?

[1] - <https://github.com/pulumi/examples/blob/master/gcp-py-gke/__main__.py#L30>

hey, you can actually turn this off completely, but you then need to map IAM roles back to the cluster

you'll need to map an IAM role to a Kubernetes RBAC role with admin permissions, I think

it's been a while since I did this :smile:

Yeah, I remember the convergence between IAM and Kubernetes RBAC is confusing.

I mean technically a service account with roles/container.admin will let you use the GKE admin API _and_ let you retrieve the master API credentials using gcloud…

I’m guessing this technique is trying to sidestep that dance of retrieving the credentials?