Kops

If you wish to run the Istio Secret Discovery Service (SDS) for your mesh on Kops-managed clusters, you must add extra configuration to enable service account token projection volumes in the API server.

  1. Open the configuration file:

    $ kops edit cluster $YOURCLUSTER
    
  2. Add the following in the configuration file:

    kubeAPIServer:
        apiAudiences:
        - api
        - istio-ca
        serviceAccountIssuer: kubernetes.default.svc
        serviceAccountKeyFile:
        - /srv/kubernetes/server.key
        serviceAccountSigningKeyFile: /srv/kubernetes/server.key
    
  3. Perform the update:

    $ kops update cluster
    $ kops update cluster --yes
    
  4. Launch the rolling update:

    $ kops rolling-update cluster
    $ kops rolling-update cluster --yes
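
After the rolling update, a token issued through a projected volume should carry the issuer and audience configured in step 2. The following Python check is an added example, not part of the Istio or Kops documentation; it only decodes the claims (the signature is not verified), and the sample tokens and helper names are constructed for illustration.

```python
import base64
import json
import time

EXPECTED_ISSUER = "kubernetes.default.svc"  # serviceAccountIssuer from step 2
EXPECTED_AUDIENCE = "istio-ca"              # apiAudiences entry from step 2

def decode_claims(token):
    """Return the JWT payload as a dict. The signature is NOT verified."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_projected_token(token, now=None):
    """Return a list of problems; an empty list means the claims look right."""
    now = time.time() if now is None else now
    claims = decode_claims(token)
    problems = []
    if claims.get("iss") != EXPECTED_ISSUER:
        problems.append("iss is %r, expected %r" % (claims.get("iss"), EXPECTED_ISSUER))
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    if EXPECTED_AUDIENCE not in aud:
        problems.append("aud %r does not include %r" % (aud, EXPECTED_AUDIENCE))
    exp = claims.get("exp")
    if exp is None:
        problems.append("no exp claim: legacy non-expiring token, not a projected one")
    elif exp <= now:
        problems.append("token expired")
    return problems

def make_sample_token(claims):
    """Build an unsigned, constructed sample token (hypothetical helper)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(claims), "c2ln"])

# Constructed samples: a projected token and a legacy secret-based token.
PROJECTED = make_sample_token({"iss": "kubernetes.default.svc", "aud": ["istio-ca"],
                               "exp": 4102444800,
                               "sub": "system:serviceaccount:default:demo"})
LEGACY = make_sample_token({"iss": "kubernetes/serviceaccount",
                            "sub": "system:serviceaccount:default:demo"})

if __name__ == "__main__":
    print("projected:", check_projected_token(PROJECTED))
    print("legacy:   ", check_projected_token(LEGACY))
```

To check a real cluster, pass the contents of the projected token file mounted in one of your pods to `check_projected_token` in place of the constructed samples.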
    