# general
a
Hi, I have a question about the intended workflow for Pulumi with GKE clusters - because of the auth deprecation in 1.26, I'm now getting these errors on `pulumi up/preview` in a CI environment which was using the old auth mechanism.

```
error: failed to initialize discovery client: The gcp auth plugin has been removed.
    Please use the "gke-gcloud-auth-plugin" kubectl/client-go credential plugin instead.
    See <https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke> for further details
```

The fix for this seems to be to add a `gcloud container clusters get-credentials CLUSTER_NAME` step before running `pulumi up`. Up until now we'd been allowing Pulumi to generate a random suffix on all Kubernetes resources including the cluster name (and CI didn't need to know what the cluster name is), but it seems like now we will need to explicitly reference a cluster name in CI to authenticate. This seems fine once a cluster has already been created, but for newly created clusters it seems like we'd need to bring the cluster up once manually, get the name that Pulumi generates, and then update CI to reference the correct cluster name. Does that sound like the intended workflow, or is there another way to manage authentication for clusters with randomly generated names?
d
It's worth generating the kubeconfig as part of your stack. Here's an example in TypeScript, showing the kubeconfig being passed to the k8s provider.
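
An added example, not part of the original thread and not the example the reply refers to: one way to render a kubeconfig from cluster outputs so that it uses the `gke-gcloud-auth-plugin` exec plugin named in the error, plus a check for the removed `gcp` auth provider. The helper names, the sample values and the Pulumi wiring in the closing comment are assumptions.

```typescript
// Added example. renderGkeKubeconfig and usesLegacyGcpAuth are hypothetical helpers.
interface GkeClusterInfo {
  name: string;          // Pulumi-generated cluster name, random suffix included
  endpoint: string;      // cluster endpoint, host or IP without a scheme
  caCertificate: string; // base64 cluster CA certificate
}

// Build a kubeconfig that authenticates through the gke-gcloud-auth-plugin exec
// credential plugin named in the error, not the removed "gcp" auth provider.
function renderGkeKubeconfig(c: GkeClusterInfo): string {
  if (!/^[A-Za-z0-9-]+$/.test(c.name)) throw new Error("unexpected cluster name");
  if (!/^[A-Za-z0-9.:-]+$/.test(c.endpoint)) throw new Error("endpoint must be a bare host or IP");
  if (!/^[A-Za-z0-9+\/=]+$/.test(c.caCertificate)) throw new Error("CA must be base64");
  return [
    "apiVersion: v1",
    "kind: Config",
    "clusters:",
    `- name: ${c.name}`,
    "  cluster:",
    `    certificate-authority-data: ${c.caCertificate}`,
    `    server: https://${c.endpoint}`,
    "contexts:",
    `- name: ${c.name}`,
    "  context:",
    `    cluster: ${c.name}`,
    `    user: ${c.name}`,
    `current-context: ${c.name}`,
    "users:",
    `- name: ${c.name}`,
    "  user:",
    "    exec:",
    "      apiVersion: client.authentication.k8s.io/v1beta1",
    "      command: gke-gcloud-auth-plugin",
    "      provideClusterInfo: true",
    "",
  ].join("\n");
}

// True when a kubeconfig still relies on the removed in-tree "gcp" auth provider.
function usesLegacyGcpAuth(kubeconfig: string): boolean {
  return /^\s*auth-provider:/m.test(kubeconfig) && /^\s*name:\s*gcp\s*$/m.test(kubeconfig);
}

// Constructed sample values, not a real cluster.
const sampleKubeconfig = renderGkeKubeconfig({
  name: "cluster-a1b2c3d", endpoint: "203.0.113.10", caCertificate: "Q09OU1RSVUNURUQ=",
});
// In a Pulumi program (assumed wiring): pass cluster.name, cluster.endpoint and
// cluster.masterAuth.clusterCaCertificate via pulumi.all(...).apply(...), then
// new k8s.Provider("gke", { kubeconfig }).
```

The exec stanza only names the plugin, so the CI image still needs the `gke-gcloud-auth-plugin` binary on its `PATH` and credentials that gcloud can use.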