Kops

No special configuration is required to run Istio on Kubernetes clusters version 1.22 or newer. For prior Kubernetes versions, you will need to continue to perform these steps.

If you wish to run Istio Secret Discovery Service (SDS) for your mesh on Kops managed clusters, you must add extra configurations to enable service account token projection volumes in the api-server.

  1. Open the configuration file:

    1. $ kops edit cluster $YOURCLUSTER

  2. Add the following in the configuration file:

    1. kubeAPIServer:
    2.     apiAudiences:
    3.     - api
    4.     - istio-ca
    5.     serviceAccountIssuer: kubernetes.default.svc

  3. Perform the update:

    1. $ kops update cluster
    2. $ kops update cluster --yes

  4. Launch the rolling update:

    1. $ kops rolling-update cluster
    2. $ kops rolling-update cluster --yes