Hi, can anyone tell me if i’m doing something wrong and point me to some docs? 🙏 Or it’s just not implemented? I’m trying to create service account API token:

const secret = new k8s.core.v1.Secret("example", {
    metadata: {
        name: "example",
        annotations: {
            "<http://kubernetes.io/service-account.name|kubernetes.io/service-account.name>": "default",
        },
    },
    type: "<http://kubernetes.io/service-account-token|kubernetes.io/service-account-token>",
});

which works. But now how do I get the token since data is undefined?

secret.data.apply(v => v["token"]);

🤔

Can I ask, why do you need the token?

Hey, ofc. I have couple use-cases for multi-cluster deployments as described for example here: https://istio.io/latest/docs/setup/install/multicluster/multi-primary/#enable-endpoint-discovery or here: https://docs.solo.io/gloo-edge/master/guides/gloo_federation/cluster_registration/ I hope I am not abusing pulumi to do that 😅

Interesting use case. There's not really a nice way to handle that with Pulumi specific code - because there's no guarantees when the token will be added / the secret created. You can add a generic Kubernetes client and add a reflector though?

there’s no guarantees when the token will be added

actually, it’s immediate so it’s enough to fetch resource from API - for example this works in terraform because they always read created resource😅 So i was wondering if it’s possible to do some refresh or something similar also here. But yeah, gonna give a shot to kube client. Thank you :)

You should be able to run a

pulumi refresh

after the creation, but I can’t think of a way to do this in one step currently. Here’s the issue tracking this class of problems: https://github.com/pulumi/pulumi-kubernetes/issues/1260