No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

been a while since using pulumi on this repo, and now it doesn't work. i keep getting `configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials`. any idea why this might be the case? i'm explicitly getting the kubeconfig and providing it as the `provider`, so it's not like some sort of ambient credential problem.

probably your kubeconfig file is not working.

this error is saying your credentials don’t work for that cluster

as i said, i am not using ambient credentials

perhaps i should clarify, i am requesting the kubeconfig, i am not loading it from a file

i.e. i'm basically doing a `cluster.kubeConfig`

```try {
    // first try to generate the kubeconfig from a pre-existing cluster.
    // this is done to workaround the 7-day expiry of kubeconfigs from DO.
    kubeConfig = pulumi.secret(digitalocean.getKubernetesCluster(
        {name: `infrastructure`}).kubeConfigs[0].rawConfig);
} catch (e) {
    // if we can't do that, simply grab the kubeconfig from the cluster we
    // just created
    kubeConfig = pulumi.secret(cluster.kubeConfigs[0].rawConfig);
}```

maybe it's a pulumi version mismatch error...

do you know if there's a pulumi (binary) version manager?

Uhm…. to me this looks a lot like a kube auth error?

that is, this looks like an error in the way the kubeconfig file is formatted? sometimes the data is wrong too, though.

pulumi in general is not smarter than kubectl, in the sense that it uses the exact same auth channels.

so if pulumi claims that the cluster is unreachable, this is usually not unique to pulumi

yeah, i mean i agree that's what it looks like, but i even printed the kubeconfig to a file and used it with `kubectl` -- worked fine.

looks to be some problem with refreshing resources only... :thinking_face:

oh.... maybe i need to `up` just the provider to bump the kubeconfig

yup.... that's what it was :man-facepalming: the `refresh` was using the stack's stored provider, which of course no longer works after 7 days because DO uses expiring certs for auth... sigh

that is super nice to know, thank you for sharing