No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hi!
I don't have any experience with k8s, so I'm most likely doing it wrong.
I'm hiding my k8s server behind a bastion server and only use it via local cli.
I don't see a simple way for pulumi to set up ssh tunnelling... what's the industry practice here? Is it safe to expose k8s api to the public?

Kubernetes uses x509 (certificate) based authentication. When configured correctly, it's pretty safe to have the API server publicly available. All major cloud providers do this by default

That being said, many prefer to keep them behind a VPN or bastion and that's OK too

Your best bet is to create an SSH tunnel on your machine before running Pulumi to make the API server available

I believe you can configure Pulumi to go over a socks proxy? I could be wrong though. Another option is to consider the Pulumi k8s operator which can be installed directly on the cluster so no need to go over the network… it comes with other considerations though 