diff --git a/ansible/k8s/components/istio/README.md b/ansible/k8s/components/istio/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..f37e4fb6946596d0587163887abc6704b2e5cdb3
--- /dev/null
+++ b/ansible/k8s/components/istio/README.md
@@ -0,0 +1,6 @@
+```bash
+kubectl get deployment -n istio-operator istio-operator || istioctl operator init
+kubectl apply -f istio.yaml
+kubectl apply -f istio-https-redirecter.yaml
+```
+
diff --git a/ansible/k8s/components/istio/istio-https-redirecter.yaml b/ansible/k8s/components/istio/istio-https-redirecter.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..9130bdd449800bed4b628fed91e485776ab5cf7e
--- /dev/null
+++ b/ansible/k8s/components/istio/istio-https-redirecter.yaml
@@ -0,0 +1,17 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: http-redirect-gw
+  namespace: istio-system
+spec:
+  selector:
+    istio: ingressgateway
+  servers:
+    - hosts:
+        - '*'
+      port:
+        name: http
+        number: 80
+        protocol: HTTP
+      tls:
+        httpsRedirect: true
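Review bot: Nothing in this new file says that the Gateway is redirect-only, and no Gateway in this commit defines the port 443 server that the 301 points clients to, so a reader cannot tell where TLS is actually terminated. I would add a header comment such as `# Redirect-only: every host on port 80 gets a 301 to https; the 443 server and its TLS credential live in a separate Gateway.` Because `hosts` is `'*'` in `istio-system`, this server answers plain HTTP for every hostname reaching the ingress gateway, so any path that must stay on port 80 would need its own handling. The first request still travels in cleartext before the redirect, so it is worth confirming that the HTTPS side sends a `Strict-Transport-Security` header.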
diff --git a/ansible/k8s/components/istio/istio.yaml b/ansible/k8s/components/istio/istio.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..7f50ab4e5b2d6d77c177f86bb95ce18ef7bb16fe
--- /dev/null
+++ b/ansible/k8s/components/istio/istio.yaml
@@ -0,0 +1,76 @@
+---
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+  name: istio-prio
+value: 2000
+---
+apiVersion: install.istio.io/v1alpha1
+kind: IstioOperator
+metadata:
+  namespace: istio-system
+  name: main-istiocontrolplane
+spec:
+  hub: docker.io/querycapistio
+  profile: default
+  components:
+    pilot:
+      k8s:
+        priorityClassName: istio-prio
+    ingressGateways:
+      - name: istio-ingressgateway
+        enabled: true
+        k8s:
+          replicaCount: 2
+          priorityClassName: istio-prio
+          service:
+            type: LoadBalancer
+            loadBalancerIP: 192.168.44.1
+            ports:
+              - port: 80
+                name: http2
+                targetPort: 8080
+              - port: 443
+                name: https
+                targetPort: 8443
+          affinity:
+            nodeAffinity:
+              requiredDuringSchedulingIgnoredDuringExecution:
+                nodeSelectorTerms:
+                  - matchExpressions:
+                      - key: kubernetes.io/arch
+                        operator: In
+                        values:
+                          - arm64
+                          - amd64
+                          - ppc64le
+                          - s390x
+              preferredDuringSchedulingIgnoredDuringExecution:
+                - weight: 2
+                  preference:
+                    matchExpressions:
+                      - key: kubernetes.io/arch
+                        operator: In
+                        values:
+                          - arm64
+                - weight: 2
+                  preference:
+                    matchExpressions:
+                      - key: kubernetes.io/arch
+                        operator: In
+                        values:
+                          - amd64
+                - weight: 2
+                  preference:
+                    matchExpressions:
+                      - key: kubernetes.io/arch
+                        operator: In
+                        values:
+                          - ppc64le
+                - weight: 2
+                  preference:
+                    matchExpressions:
+                      - key: kubernetes.io/arch
+                        operator: In
+                        values:
+                          - s390x
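Review bot: `hub: docker.io/querycapistio` makes the operator pull the pilot and ingress-gateway images from a third-party Docker Hub namespace, and the spec sets no `tag`, so the image version is whatever the installed operator defaults to rather than something pinned and reviewed in this repository. These images run the mesh control plane and the gateway that exposes port 443, so their provenance deserves an explicit decision: add `tag: <reviewed-istio-version>` (placeholder) next to `hub`, and consider mirroring the images into a registry you control. A comment like `# non-upstream hub, presumably for the multi-arch images the arch affinity below relies on` would record why the default hub was replaced; the reason is inferred here and should be confirmed by the author.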