k8s.io/client-go and tools using it such as kubectl and kubelet are able to execute an external command to receive user credentials. Have you thought about supporting this feature for this client implementation as well? For example, for AWS managed EKS clusters, you need to call aws eks get-token to obtain an (expiring) k8s bearer token to access the cluster from your development machine. For now this can be done before creating a client instance and the use the result as the bearer token.
k8s.io/client-goand tools using it such askubectlandkubeletare able to execute an external command to receive user credentials. Have you thought about supporting this feature for this client implementation as well? For example, for AWS managed EKS clusters, you need to callaws eks get-tokento obtain an (expiring) k8s bearer token to access the cluster from your development machine. For now this can be done before creating a client instance and the use the result as thebearer token.