General kubernetes question, kubeconfig should be treated as a secret right? e.g. stored encrypted, restrict access etc..

depends. if you’re using GCP there aren’t actually any secrets stored in the kubeconfig file.

Fair enough, AKS stores client-certificate-data, client-key-data and token

for AKS we put

additionalSecretOutputs: ["kubeConfigs", "kubeConfigRaw", "kubeAdminConfigs", "kubeAdminConfigRaw"]

on the resource

I treat my kubeConfig as a secret. What this has caused me to do is to use the

--secretprovider=passphrase

during the creation of all my stacks so that the resource provisioning stacks can reference the kubeConfig generated by the cluster provisioning stack.

Thanks all, think I'll open a PR for the K8s Crosswalk stack