Kops

If you wish to run Istio Secret Discovery Service (SDS) for your mesh on Kops managed clusters, you must add extra configurations to enable service account token projection volumes in the api-server.

Open the configuration file:
```
$ kops edit cluster $YOURCLUSTER
```

Add the following in the configuration file:

kubeAPIServer:
    apiAudiences:
    - api
    - istio-ca
    serviceAccountIssuer: kubernetes.default.svc
    serviceAccountKeyFile:
    - /srv/kubernetes/server.key
    serviceAccountSigningKeyFile: /srv/kubernetes/server.key

Perform the update:

$ kops update cluster
$ kops update cluster --yes

Launch the rolling update:

$ kops rolling-update cluster
$ kops rolling-update cluster --yes

Was this information useful?

Do you have any suggestions for improvement?

Thanks for your feedback!