diff --git a/sky/clouds/gcp.py b/sky/clouds/gcp.py
index 3502fee8e1c..649156be707 100644
--- a/sky/clouds/gcp.py
+++ b/sky/clouds/gcp.py
@@ -73,6 +73,8 @@
     ~/google-cloud-sdk/install.sh -q >> {_GCLOUD_INSTALLATION_LOG} 2>&1 && \
     echo "source ~/google-cloud-sdk/path.bash.inc > /dev/null 2>&1" >> ~/.bashrc && \
     source ~/google-cloud-sdk/path.bash.inc >> {_GCLOUD_INSTALLATION_LOG} 2>&1; }}; }} && \
+    gcloud components install kubectl --quiet >> {_GCLOUD_INSTALLATION_LOG} 2>&1 && \
+    gke-gcloud-auth-plugin --version >> {_GCLOUD_INSTALLATION_LOG} 2>&1 && \
     popd &>/dev/null'
 
 # TODO(zhwu): Move the default AMI size to the catalog instead.
diff --git a/sky/clouds/kubernetes.py b/sky/clouds/kubernetes.py
index f9242bd77aa..21fc32ef436 100644
--- a/sky/clouds/kubernetes.py
+++ b/sky/clouds/kubernetes.py
@@ -93,17 +93,7 @@ def _unsupported_features_for_resources(
         context = resources.region
         if context is None:
             context = kubernetes_utils.get_current_kube_config_context_name()
-        # Features to be disabled for exec auth
-        is_exec_auth, message = kubernetes_utils.is_kubeconfig_exec_auth(
-            context)
-        if is_exec_auth:
-            assert isinstance(message, str), message
-            # Controllers cannot spin up new pods with exec auth.
-            unsupported_features[
-                clouds.CloudImplementationFeatures.HOST_CONTROLLERS] = message
-            # Pod does not have permissions to terminate itself with exec auth.
-            unsupported_features[
-                clouds.CloudImplementationFeatures.AUTO_TERMINATE] = message
+
         # Allow spot instances if supported by the cluster
         spot_label_key, _ = kubernetes_utils.get_spot_label(context)
         if spot_label_key is not None:
diff --git a/sky/provision/kubernetes/utils.py b/sky/provision/kubernetes/utils.py
index 14b6b42aa58..ce412a96cff 100644
--- a/sky/provision/kubernetes/utils.py
+++ b/sky/provision/kubernetes/utils.py
@@ -2249,10 +2249,18 @@ def set_autodown_annotations(handle: 'backends.CloudVmRayResourceHandle',
 def get_context_from_config(provider_config: Dict[str, Any]) -> Optional[str]:
     context = provider_config.get('context',
                                   get_current_kube_config_context_name())
-    if context == kubernetes.in_cluster_context_name():
-        # If the context (also used as the region) is in-cluster, we need to
-        # we need to use in-cluster auth by setting the context to None.
-        context = None
+    remote_identities = skypilot_config.get_nested(
+        ('kubernetes', 'remote_identity'), None)
+    local_credentials_value = schemas.RemoteIdentityOptions.LOCAL_CREDENTIALS.value  # pylint: disable=line-too-long
+    use_local_credentials = (remote_identities is not None and
+                             remote_identities == local_credentials_value)
+    if use_local_credentials:
+        return context
+    else:
+        if context == kubernetes.in_cluster_context_name():
+            # If the context (also used as the region) is in-cluster, we need to
+            # we need to use in-cluster auth by setting the context to None.
+            context = None
     return context