
Alternative way of detecting cluster changes instead of `kubeconfig`

Open eplightning opened this issue 1 year ago • 3 comments

Hello!

  • Vote on this issue by adding a 👍 reaction
  • If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Issue details

Currently the provider relies on passed kubeconfig input to decide if it needs replacement or not. This is not always correct and has a chance for both false negatives and false positives, resulting either in potentially destructive replacement of resources (volumes, ArgoCD applications...) or errors when an expected resource doesn't exist.

Therefore I'd like to request an alternative to doing that for users that have this information by other means (for example ID of a managed K8s cluster).

Simplest way I can think of to achieve this would be adding a new optional provider config property `clusterId` and changing the detection logic as follows:

  1. If `clusterId` is passed, report provider for replacement whenever new `clusterId` is computed or differs from previous `clusterId`
  2. Else use current `kubeconfig` logic

Then this could be used this way in Pulumi code:

```typescript
const aks = new containerservice.KubernetesCluster('cluster', ...);
const k8sProvider = new kubernetes.Provider('cluster', {
  clusterId: aks.id,
  kubeconfig: aks.kubeAdminConfigRaw
});
```

Affected area/feature

Provider

eplightning avatar Jan 10 '24 14:01 eplightning
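The two-step rule proposed in the issue above, written out in Go as an added example; it is not code from the issue or from the provider. `Input`, `ProviderConfig` and `NeedsReplacement` are hypothetical names, `clusterId` is the proposed property rather than an existing one, and the kubeconfig branch is a plain string comparison standing in for the provider's current logic.

```go
package main

import "fmt"

// Input is one provider config value as seen at diff time.
type Input struct {
	Value    string
	Computed bool // unknown until apply, e.g. the cluster is being created
}

// ProviderConfig holds only the two properties the issue discusses.
// ClusterID is the proposed property; it is not an existing provider option.
type ProviderConfig struct {
	ClusterID  Input
	Kubeconfig Input
}

func passed(i Input) bool { return i.Computed || i.Value != "" }

func differs(prev, next Input) bool { return next.Computed || prev.Value != next.Value }

// NeedsReplacement applies the two-step rule and reports which input decided.
// Under rule 1 as written, adding clusterId to a provider that had none counts
// as a difference. The kubeconfig branch is a plain string comparison standing
// in for the provider's current logic (an assumption of this example).
func NeedsReplacement(prev, next ProviderConfig) (bool, string) {
	if passed(next.ClusterID) {
		return differs(prev.ClusterID, next.ClusterID), "clusterId"
	}
	return differs(prev.Kubeconfig, next.Kubeconfig), "kubeconfig"
}

func main() {
	// Constructed sample values, not taken from a real cluster.
	old := ProviderConfig{ClusterID: Input{Value: "aks-1"}, Kubeconfig: Input{Value: "token-a"}}
	cases := []struct {
		name string
		next ProviderConfig
	}{
		{"credentials rotated, same cluster", ProviderConfig{Input{Value: "aks-1"}, Input{Value: "token-b"}}},
		{"cluster recreated, same kubeconfig", ProviderConfig{Input{Value: "aks-2"}, Input{Value: "token-a"}}},
		{"cluster id computed", ProviderConfig{Input{Computed: true}, Input{Computed: true}}},
		{"no clusterId passed", ProviderConfig{Input{}, Input{Value: "token-b"}}},
	}
	for _, c := range cases {
		replace, basis := NeedsReplacement(old, c.next)
		fmt.Printf("%-36s replace=%-5t decided by %s\n", c.name, replace, basis)
	}
}
```

The first two cases are the false positive and false negative the issue describes: a kubeconfig that changes while the cluster stays the same, and a cluster that changes while the kubeconfig text does not.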

Another alternative may be to use some server information, such as the UID of the default namespace. I don't know whether the provider resource could do the detection, and vary its URN (identity) accordingly. Or whether each object resource would do the detection and state tracking.

EronWright avatar Jan 19 '24 22:01 EronWright