Contact UsTry it for free
© 2026 Direct Cursus Technology L.L.C.

Installing Istio

Written by
Improved by
Updated at March 20, 2026

Istio implements a service mesh, a low-latency infrastructure layer that manages large-scale network communications between services in a Managed Service for Kubernetes cluster.

Istio provides:

  • Encrypted inter-service communication in a cluster.
  • Authentication across services.
  • Load balancing for HTTP, TCP, RPC, and WebSocket traffic.
  • Detailed traffic monitoring based on extensive routing rules.

The application contains Istio ingress gateway, a component for setting up an entry point for external traffic.

Note

To use Istio, you need a node group with at least 6 GB of RAM.

Getting started

  1. If you do not have the Yandex Cloud CLI yet, install and initialize it.

    The folder used by default is the one specified when creating the CLI profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id options.

  2. Make sure the security groups for the Managed Service for Kubernetes cluster and its node groups are configured correctly. If a rule is missing, add it.

    Warning

    The configuration of security groups determines performance and availability of the cluster and the services and applications running in it.

  3. Install kubect and configure it to work with the new cluster.

Installation from Yandex Cloud Marketplace

  1. In the management console, select a folder.
  2. Go to Managed Service for Kubernetes.
  3. Click the name of your cluster and select the Marketplace tab.
  4. Under Application available for installation, select Istio and click Go to install.
  5. Configure the application:
    • Namespace: Create a new namespace, e.g., istio-space. If you leave the default namespace, Istio may work incorrectly.
    • Application name: Specify the application name.
    • Install add-ons: Select this option to automatically install the add-ons: Kiali management console, and such components as Grafana, Prometheus and Loki.
  6. Click Install.
  7. Wait for the application status to change to Deployed.

Installation using a Helm chart

  1. Install Helm v3.8.0 or higher.

  2. Install kubect and configure it to work with the new cluster.

  3. To install a Helm chart with Istio, run this command:

    helm pull oci://cr.yandex/yc-marketplace/yandex-cloud/istio/istio \
  --version 1.21.2-1 \
  --untar && \
helm install \
  --namespace <namespace> \
  --create-namespace \
istio ./istio/

    If you set namespace to the default namespace, Istio may work incorrectly. We recommend specifying a value different from all the existing namespaces, e.g., istio-space.

    Note

    If you are using a Helm version below 3.8.0, add the export HELM_EXPERIMENTAL_OCI=1 && \ string at the beginning of the command to enable Open Container Initiative (OCI) support in the Helm client.

See also

Previous
Upgrading the Application Load Balancer Ingress controller
Next
Installing KEDA