Yandex Cloud
Search
Contact UsGet started
  • Pricing
  • Customer Stories
  • Documentation
  • Blog
  • All Services
  • System Status
    • Featured
    • Infrastructure & Network
    • Data Platform
    • Containers
    • Developer tools
    • Serverless
    • Security
    • Monitoring & Resources
    • AI Studio
    • Business tools
  • All Solutions
    • By industry
    • By use case
    • Economics and Pricing
    • Security
    • Technical Support
    • Start testing with double trial credits
    • Cloud credits to scale your IT product
    • Gateway to Russia
    • Cloud for Startups
    • Education and Science
    • Yandex Cloud Partner program
  • Pricing
  • Customer Stories
  • Documentation
  • Blog
© 2025 Direct Cursus Technology L.L.C.
Yandex Managed Service for Kubernetes
  • Comparison with other Yandex Cloud services
  • Getting started
    • All guides
    • Connecting to a node over SSH
    • Connecting to a node via OS Login
    • Updating Kubernetes
    • Configuring autoscaling
    • Activating a Kubernetes Terraform provider
      • Getting started with Cloud Marketplace
      • Installing Argo CD
      • Installing Chaos Mesh
      • Installing cert-manager with the Cloud DNS ACME webhook plugin
      • Installing Container Storage Interface for S3
      • Installing Crossplane
      • Installing External Secrets Operator
      • Installing ExternalDNS with a plugin for Cloud DNS
      • Installing Falco
      • Installing Filebeat OSS
      • Installing Fluent Bit
      • Installing Gatekeeper
      • Installing Gateway API
      • Installing the GitLab Agent
      • Installing GitLab Runner
      • Installing HashiCorp Vault
      • Installing Ingress NGINX
      • Installing an Application Load Balancer ingress controller
      • Upgrading an Application Load Balancer ingress controller
      • Installing Istio
      • Installing Jaeger
      • Installing Kruise
      • Installing Kyverno & Kyverno Policies
      • Installing Loki
      • Installing Metrics Provider
      • Installing NodeLocal DNS
      • Installing Policy Reporter
      • Installing Prometheus Operator
      • Installing Thumbor
      • Installing Velero
    • Connecting external nodes to the cluster
    • Configuring WireGuard gateways to connect external nodes to a cluster
    • Configuring IPSec gateways to connect external nodes to a cluster
  • Access management
  • Pricing policy
  • Terraform reference
  • Monitoring metrics
  • Audit Trails events
  • Release notes

In this article:

  • Getting started
  • Installation using Yandex Cloud Marketplace
  • Installation using a Helm chart
  • Application autoupdate
  • Use cases
  • See also
  1. Step-by-step guides
  2. Installing apps from Cloud Marketplace
  3. Installing Gateway API

Installing Gateway API

Written by
Yandex Cloud
Improved by
Dmitry A.
Updated at June 9, 2025
  • Getting started
  • Installation using Yandex Cloud Marketplace
  • Installation using a Helm chart
  • Application autoupdate
  • Use cases
  • See also

Gateway API is a collection of API resources that model network communications in a Managed Service for Kubernetes cluster, including GatewayClass, Gateway, HTTPRoute, etc.

In Managed Service for Kubernetes, Gateway API launches Yandex Application Load Balancer and its auxiliary resources when a Kubernetes user announces the Gateway resource in a Managed Service for Kubernetes cluster.

Getting startedGetting started

  1. If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

    By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

  2. Create a service account required for Gateway API.

  3. Assign the following roles to the service account:

    • alb.editor: To create resources.
    • vpc.publicAdmin: To manage external connectivity.
    • certificate-manager.admin: To use certificates registered in Yandex Certificate Manager.
    • compute.viewer: To use Managed Service for Kubernetes cluster nodes in balancer target groups.
  4. Create an authorized key for your service account and save it to the sa-key.json file:

    yc iam key create \
      --service-account-name <name_of_service_account_for_Gateway_API> \
      --output sa-key.json
    
  5. Make sure that the security groups for the Managed Service for Kubernetes cluster and its node groups are configured correctly. If any rule is missing, add it.

    Warning

    The configuration of security groups determines the performance and availability of the cluster and the services and applications running in it.

Installation using Yandex Cloud MarketplaceInstallation using Yandex Cloud Marketplace

  1. Navigate to the folder dashboard and select Managed Service for Kubernetes.
  2. Click the name of the Managed Service for Kubernetes cluster you need and select the Marketplace tab.
  3. Under Application available for installation, select Gateway API and click Go to install.
  4. Configure the application:
    • Namespace: Create a new namespace, e.g., gateway-api-space. If you leave the default namespace, Gateway API may work incorrectly.
    • Application name: Specify the application name.
    • Folder ID: Select the folder where you want to create your load balancers.
    • Network ID: Select the cloud network where your load balancers will reside.
    • Subnet ID 1, Subnet ID 2, Subnet ID 3: Select subnets where your load balancers will reside.
    • Service account key: Paste the contents of the sa-key.json file or create a new service account key.
  5. Click Install.
  6. Wait for the application to change its status to Deployed.

Installation using a Helm chartInstallation using a Helm chart

  1. Install Helm v3.8.0 or higher.

  2. Install kubect and configure it to work with the new cluster.

  3. To install a Helm chart with Gateway API, run this command:

    helm pull oci://cr.yandex/yc-marketplace/yandex-cloud/gateway-api/gateway-api-helm/gateway-api \
      --version v0.7.2 \
      --untar && \
    helm install \
      --namespace <namespace> \
      --create-namespace \
      --set folderId='<folder_ID>' \
      --set networkId='<cloud_network_ID>' \
      --set subnet1Id='<subnet_1_ID>' \
      --set subnet2Id='<subnet_2_ID>' \
      --set subnet3Id='<subnet_3_ID>' \
      --set-file saKeySecretKey='<path_to_sa-key.json>' \
      gateway-api ./gateway-api/
    

    In this command, specify the network and its subnets where your load balancers will reside.

    If you set namespace to the default namespace, Gateway API may work incorrectly. We recommend that you specify a value different from all existing namespaces (e.g., gateway-api-space).

    Note

    If you are using a Helm version below 3.8.0, append the export HELM_EXPERIMENTAL_OCI=1 && \ string to the command to enable Open Container Initiative (OCI) support in the Helm client.

Application autoupdateApplication autoupdate

Gateway API 0.6.0 contains a Gateway API CRD upgrade from version 0.6.2 to 1.2.1. When upgrading your Gateway API from version 0.5.0 or lower to version 0.6.0, installing from the Helm chart will automatically upgrade Gateway API CRDs and all dependent resources in the Managed Service for Kubernetes cluster. The upgrade is secure, meaning that none of your Application Load Balancer resources will be deleted or recreated.

An autoupdate from version 0.5.0 or lower follows this procedure:

  1. The cluster is checked for GRPCRoute or ReferenceGrant user resources. If it does, the update is blocked to avoid conflicts, as the new version CRDs for these resources are incompatible with the previous version. For manual updates, see below.
  2. The Gateway API controller is stopped; the number of replicas is reduced to zero.
  3. The CRDs of the GRPCRoute resources are removed; the CRDs of the remaining dependent resources of the new Gateway API version are applied.
  4. The Gateway API controller is started; the number of replicas is back at the original level.

To disable CRD autoupdate, add this Helm chart installation command parameter: --set crdsAutoUpgrade=false. In which case your resources will be updated, but you will need to update the Gateway API CRDs manually. For the CRD file, go to the crds directory in the Helm chart archive.

Upgrading Gateway API manually
  1. Create a backup of your Gateway API resources.
  2. Stop the Gateway API controller.
  3. Remove all GRPCRoute resources from your cluster.
  4. Apply the new versions of the Gateway API resource CRDs. For the CRD file, go to the crds directory in the Helm chart archive.
  5. Start the Gateway API controller.
  6. In your GRPCRoute resource specification, replace the apiVersion value with gateway.networking.k8s.io/v1 and apply the specification.
  7. Install the new Helm chart version.

Use casesUse cases

  • Setting up Gateway API.

See alsoSee also

  • Gateway API project description.
  • Gateway API description and configuration information in the Application Load Balancer guides.

Was the article helpful?

Previous
Installing Gatekeeper
Next
Installing the GitLab Agent
© 2025 Direct Cursus Technology L.L.C.