No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

General kubernetes question, kubeconfig should be treated as a secret right?
e.g. stored encrypted, restrict access etc..

depends. if you’re using GCP there aren’t actually any secrets stored in the kubeconfig file.

Fair enough, AKS stores client-certificate-data, client-key-data and token

for AKS we put
```        additionalSecretOutputs: ["kubeConfigs", "kubeConfigRaw", "kubeAdminConfigs", "kubeAdminConfigRaw"]```
on the resource

I treat my kubeConfig as a secret. What this has caused me to do is to use the `--secretprovider=passphrase` during the creation of all my stacks so that the resource provisioning stacks can reference the kubeConfig generated by the cluster provisioning stack.

Thanks all, think I'll open a PR for the K8s Crosswalk stack