Amazon Web Services

Follow these instructions to prepare an AWS cluster with Kops for Istio.

When you install a new cluster with Kubernetes version 1.9, the prerequisite to enable admissionregistration.k8s.io/v1beta1 is covered.

Nevertheless, you must update the list of admission controllers.

1. Open the configuration file:

   $ kops edit cluster $YOURCLUSTER

2. Add the following in the configuration file:

   kubeAPIServer:
       admissionControl:
       - NamespaceLifecycle
       - LimitRanger
       - ServiceAccount
       - PersistentVolumeLabel
       - DefaultStorageClass
       - DefaultTolerationSeconds
       - MutatingAdmissionWebhook
       - ValidatingAdmissionWebhook
       - ResourceQuota
       - NodeRestriction
       - Priority

3. Perform the update:

   $ kops update cluster
   $ kops update cluster --yes

4. Launch the rolling update:

   $ kops rolling-update cluster
   $ kops rolling-update cluster --yes

5. Validate the update with the kubectl client on the kube-api pod, you should see new admission controller:

   $ for i in `kubectl \
     get pods -nkube-system | grep api | awk '{print $1}'` ; \
     do  kubectl describe pods -nkube-system \
     $i | grep "/usr/local/bin/kube-apiserver"  ; done

6. Review the output:

   [...]
   --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,
   PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,
   MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota,
   NodeRestriction,Priority
   [...]