Hi all. What is best practice to manage admin access to a Kubernetes cluster? I'm creating a cluster with

pulumi_gcp.container.Cluster

and then want to deploy Strimzi operator with

pulumi_kubernetes.helm.v3.Chart

. The problem I run into is that I don't personally have access to the cluster until I run

gcloud container clusters get-gredentials <cluster_name> --region <region>

and generate the configuration, with certificates, for the cluster. I have a few ideas but I feel like I'm missing something that should work better. Idea 1: I can run the command to get the credentials from gcloud with

pulumi_command.local.Command

after the creation of the cluster and before the Chart. I don't particularly like this idea because it changes the state of my personal environment. For the time being it is not a problem, but once we start working with multiple clusters and multiple developers it is bound to cause problems. And then I'm out of ideas. I'll start by trying idea 1 but I hope I can get some more information here.

I solved it like so:

command = new remote.Command(...) // generate kubeconfig to stdout
export const kubeconfig = kubeconfigs.admins.stdout;

const provider = new k8s.Provider("k8s", { kubeconfig });

new k8s.helm.v3.Release("foo", {...}, { provider });

However, due to this bug, it means I cannot refresh my stack 😕

Thanks @dazzling-oxygen-84405. Have you tried using

remote.run

instead of

remote.Command

? As I understand it the only difference is that Command is managed and run will just execute, i.e. it won't actually be part of the stack.

as far as I can tell,

run

is only available for local commands?

aha, that sucks. Well, in my case it doesn't matter since I'm running it locally, so I'll try run first.

I’m not using gcloud, my

Command

is using

kubeadm

to generate the config for an on-prem cluster.

aha, of course, I just assumed you were using some cloud service. my bad