Amazon Web Services

Follow these instructions to prepare an AWS cluster with Kops for Istio.

When you install a new cluster with Kubernetes version 1.9, the prerequisite to enable admissionregistration.k8s.io/v1beta1 is covered.

Nevertheless, you must update the list of admission controllers.

  1. Open the configuration file:

    $ kops edit cluster $YOURCLUSTER
  2. Add the following in the configuration file:

    kubeAPIServer:
        admissionControl:
        - NamespaceLifecycle
        - LimitRanger
        - ServiceAccount
        - PersistentVolumeLabel
        - DefaultStorageClass
        - DefaultTolerationSeconds
        - MutatingAdmissionWebhook
        - ValidatingAdmissionWebhook
        - ResourceQuota
        - NodeRestriction
        - Priority
  3. Perform the update:

    $ kops update cluster
    $ kops update cluster --yes
  4. Launch the rolling update:

    $ kops rolling-update cluster
    $ kops rolling-update cluster --yes
  5. Validate the update with the kubectl client on the kube-api pod, you should see new admission controller:

    $ for i in `kubectl \
      get pods -nkube-system | grep api | awk '{print $1}'` ; \
      do  kubectl describe pods -nkube-system \
      $i | grep "/usr/local/bin/kube-apiserver"  ; done
  6. Review the output:

    [...]
    --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,
    PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,
    MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota,
    NodeRestriction,Priority
    [...]