No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hi all,

Has anyone managed to use eks entirely from credentials stored in the stack config? I’ve got it working on up by actually retrieving the token and shoving it in a kubeconfig but destroy doesn’t appear to re-retrieve the token, just relies on the one stored in the state.

I use RBAC and have Pulumi store a role that's assumed on deploy. However, this still requires AWS credentials that can assume that role in order to run Pulumi. Is this what you mean, or are you looking to embed static credentials in the configuration file?

we store credz + role to assume in the stack config and then use that to auth to eks

so yes basically static credz in our stack config

in our CI pipe, we subprocess out a call to `aws eks update-kubeconfig and then
```k8s_provider = k8s.Provider(
    "k8s_provider",
    # cluster=current_context,
    context=current_context,
    kubeconfig='~/.kube/config',```