No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

you need to pass the provider to your `sa`, try this:
```sa = k8s.core.v1.ServiceAccount("microservice",
    metadata=k8s.meta.v1.ObjectMetaArgs(
      namespace="monitoring",
      name="microservice"
    )
    opts=pulumi.ResourceOptions(provider=k8s_provider)
)```

that worked, but now it throws another error: `error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: Get "https://&lt;hostname&gt;/k8s/clusters/c-5s7qv/openapi/v2?timeout=32s": x509: certificate signed by unknown authority` but i can hit that endpoint from browser with out any issue,. missing anything?

is there a way i can move the pulumi state from cloud to local and run it from `pulumi login --local`

that error is indicating your kubeconfig has a certificaiton authority that isn't valid, which seems weird. I'd export your kubeconfig and examine it, make sure it works against your cluster

i think its weird, when rancher2.Cluster() is spitting out kube-config, config has server pointed to rancher endpoint and CA is from EKS, both are clashing?

did you create an EKS cluster with rancher2?

it's not clear what the issue is, but it seems related to rancher2. you'll need to do some debugging of the kubeconfig I'm afraid

yeah i have created EKS cluster with rancher2. i'm trying to bring rancher in our setups and do all configuration from one place kind of thing. so i have imported the config file down and when did `kubectl get pods`  throws same error until i pass this flag `--insecure-skip-tls-verify=true`

this really is an issue with your rancher setup I'm afraid, did you use a valid https certificate when setting up rancher? it looks like rancher proxies the calls to your cluster

you could do a transformation on the kubeconfig to skip verification of the cluster, but that's probably not what you want to do

yeah looks like its with the rancher setup i did, yeah i have valid cert for rancher, but UI endpoint cert is different one

for now if have to over come the tls at config level, can i do it at pulumi provider and say 'no tls' ?

we dob't have the option for the provider, no. you'll need to modify the kubeconfig

you can likely build your own kubeconfig with the outputs

ah that wouldn't help i guess as my rancher is not available on http.

i have got it fixed on my rancher server setup. thanks for the support <@UCWG26BH7>, appreciate it 