Kops
No special configuration is required to run Istio on Kubernetes clusters version 1.22 or newer. For prior Kubernetes versions, you will need to continue to perform these steps.
If you wish to run Istio Secret Discovery Service (SDS) for your mesh on Kops managed clusters, you must add extra configurations to enable service account token projection volumes in the api-server.
Open the configuration file:
$ kops edit cluster $YOURCLUSTER
Add the following in the configuration file:
kubeAPIServer:
apiAudiences:
- api
- istio-ca
serviceAccountIssuer: kubernetes.default.svc
Perform the update:
$ kops update cluster
$ kops update cluster --yes
Launch the rolling update:
$ kops rolling-update cluster
$ kops rolling-update cluster --yes