No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

The way we do this is we set up our kubeconfig to dynamically fetch credentials, and embed this into the `k8s.Provider` itself. That way, Pulumi will automatically refresh credentials in the same way `kubectl` will.

<@UT1RE16J3> nice approach, I’ll try it. Thank you!

<@UT1RE16J3> how did you set your kubeconfig to dynamically fetch credentials? Do you have any example?

You need to use the `exec` block in the `user` section of your kubeconfig. There are some docs here: <https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#-em-set-credentials-em->

If you're using a cloud-provided cluster, they typically have instructions for how to set this up, like here: <https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html>

Hello <@UT1RE16J3>. I'm using an on-prem cluster and I tried to fetch the credentials using kubeadm. Running on CLI I get the kubeconf successfully on stdout, but when I ran on exec I get the following error: `getting credentials: decoding stdout: no kind "Config" is registered for version "v1" in scheme "pkg/runtime/scheme.go:100"` . Do you have any suggestion about fetching credentials to an on-prem cluster?

I'm not sure about that one, I've not used `kubeadm`. It should be possible to configure a kubeconfig file that executes a binary to fetch credentials, but I don't know offhand the format for it.