Kops

If you wish to run Istio Secret Discovery Service (SDS) for your mesh on Kops managed clusters, you must add extra configurations to enable service account token projection volumes in the api-server.

  1. Open the configuration file:

    1. $ kops edit cluster $YOURCLUSTER
  2. Add the following in the configuration file:

    1. kubeAPIServer:
    2. apiAudiences:
    3. - api
    4. - istio-ca
    5. serviceAccountIssuer: kubernetes.default.svc
  3. Perform the update:

    1. $ kops update cluster
    2. $ kops update cluster --yes
  4. Launch the rolling update:

    1. $ kops rolling-update cluster
    2. $ kops rolling-update cluster --yes