kind-mechanic-53546

05/21/2020, 1:53 AM
General Kubernetes question, kubeconfig should be treated as a secret right? e.g. stored encrypted, restrict access etc.

creamy-potato-29402

05/21/2020, 2:24 AM
depends. if you’re using GCP there aren’t actually any secrets stored in the kubeconfig file.

kind-mechanic-53546

05/21/2020, 3:44 AM
Fair enough, AKS stores client-certificate-data, client-key-data and token

better-rainbow-14549

05/21/2020, 8:38 AM
for AKS we put `additionalSecretOutputs: ["kubeConfigs", "kubeConfigRaw", "kubeAdminConfigs", "kubeAdminConfigRaw"]` on the resource

ancient-megabyte-79588

05/21/2020, 2:24 PM
I treat my kubeConfig as a secret. What this has caused me to do is to use the `--secretprovider=passphrase` during the creation of all my stacks so that the resource provisioning stacks can reference the kubeConfig generated by the cluster provisioning stack.

kind-mechanic-53546

05/21/2020, 11:32 PM
Thanks all, think I'll open a PR for the K8s Crosswalk stack