fix: allow overriding istio gateway

GluuFederation · Sep 29, 2022 · 280f432 · 280f432
1 parent c572384
commit 280f432
Show file tree

Hide file tree

Showing 41 changed files with 226 additions and 86 deletions.
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu-5.0.7.tgz b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu-5.0.7.tgz
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/Chart.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/Chart.yaml
@@ -39,64 +39,64 @@ maintainers:
   email: support@gluu.org
 description: Gluu Access and Identity Management
 name: gluu
-version: 5.0.6
+version: 5.0.7
 dependencies:
     - name: config
       condition: global.config.enabled
-      version: 5.0.6
+      version: 5.0.7
 
     - name: config-api
       condition: global.config-api.enabled
-      version: 5.0.6
+      version: 5.0.7
 
     - name: opendj
       condition: global.opendj.enabled
-      version: 5.0.6
+      version: 5.0.7
 
     - name: auth-server
       condition: global.auth-server.enabled
-      version: 5.0.6
+      version: 5.0.7
 
     - name: admin-ui
       condition: global.admin-ui.enabled
-      version: 5.0.6
+      version: 5.0.7
 
     - name: fido2
       condition: global.fido2.enabled
-      version: 5.0.6
+      version: 5.0.7
 
     - name: scim
       condition: global.scim.enabled
-      version: 5.0.6
+      version: 5.0.7
 
     - name: nginx-ingress
       condition: global.nginx-ingress.enabled
-      version: 5.0.6
+      version: 5.0.7
 
     - name: oxshibboleth
       condition: global.oxshibboleth.enabled
-      version: 5.0.6
+      version: 5.0.7
 
     - name: oxpassport
-      version: 5.0.6
+      version: 5.0.7
       condition: global.oxpassport.enabled
 
     - name: casa
-      version: 5.0.6
+      version: 5.0.7
       condition: global.casa.enabled
 
     - name: auth-server-key-rotation
       condition: global.auth-server-key-rotation.enabled
-      version: 5.0.6
+      version: 5.0.7
 
     - name: client-api
       condition: global.client-api.enabled
-      version: 5.0.6
+      version: 5.0.7
 
     - name: persistence
       condition: global.persistence.enabled
-      version: 5.0.6
+      version: 5.0.7
 
     - name: cn-istio-ingress
       condition: global.istio.ingress
-      version: 5.0.6
+      version: 5.0.7
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/README.md b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/README.md
@@ -1,6 +1,6 @@
 # gluu
 
-![Version: 5.0.6](https://img.shields.io/badge/Version-5.0.6-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
+![Version: 5.0.7](https://img.shields.io/badge/Version-5.0.7-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
 
 Gluu Access and Identity Management
 
@@ -23,21 +23,21 @@ Kubernetes: `>=v1.21.0-0`
 
 | Repository | Name | Version |
 |------------|------|---------|
-|  | admin-ui | 5.0.6 |
-|  | auth-server | 5.0.6 |
-|  | auth-server-key-rotation | 5.0.6 |
-|  | casa | 5.0.6 |
-|  | client-api | 5.0.6 |
-|  | cn-istio-ingress | 5.0.6 |
-|  | config | 5.0.6 |
-|  | config-api | 5.0.6 |
-|  | fido2 | 5.0.6 |
-|  | nginx-ingress | 5.0.6 |
-|  | opendj | 5.0.6 |
-|  | oxpassport | 5.0.6 |
-|  | oxshibboleth | 5.0.6 |
-|  | persistence | 5.0.6 |
-|  | scim | 5.0.6 |
+|  | admin-ui | 5.0.7 |
+|  | auth-server | 5.0.7 |
+|  | auth-server-key-rotation | 5.0.7 |
+|  | casa | 5.0.7 |
+|  | client-api | 5.0.7 |
+|  | cn-istio-ingress | 5.0.7 |
+|  | config | 5.0.7 |
+|  | config-api | 5.0.7 |
+|  | fido2 | 5.0.7 |
+|  | nginx-ingress | 5.0.7 |
+|  | opendj | 5.0.7 |
+|  | oxpassport | 5.0.7 |
+|  | oxshibboleth | 5.0.7 |
+|  | persistence | 5.0.7 |
+|  | scim | 5.0.7 |
 
 ## Values
 
@@ -291,9 +291,9 @@ Kubernetes: `>=v1.21.0-0`
 | fido2.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 |
 | fido2.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers |
 | fido2.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |
-| global | object | `{"admin-ui":{"adminUiServiceName":"admin-ui","enabled":false},"alb":{"ingress":false},"auth-server":{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","httpLogLevel":"INFO","httpLogTarget":"FILE","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"authEncKeys":"RSA1_5 RSA-OAEP","authServerServiceName":"auth-server","authSigKeys":"RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512","enabled":true},"auth-server-key-rotation":{"enabled":false},"awsStorageType":"io1","azureStorageAccountType":"Standard_LRS","azureStorageKind":"Managed","casa":{"casaServiceName":"casa","enabled":true},"client-api":{"appLoggers":{"clientApiLogLevel":"INFO","clientApiLogTarget":"STDOUT","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"clientApiServerServiceName":"client-api","enabled":false},"cloud":{"testEnviroment":false},"cnDocumentStoreType":"LOCAL","cnGoogleApplicationCredentials":"/etc/jans/conf/google-credentials.json","cnObExtSigningAlias":"","cnObExtSigningJwksCrt":"","cnObExtSigningJwksKey":"","cnObExtSigningJwksKeyPassPhrase":"","cnObExtSigningJwksUri":"","cnObStaticSigningKeyKid":"","cnObTransportAlias":"","cnObTransportCrt":"","cnObTransportKey":"","cnObTransportKeyPassPhrase":"","cnObTransportTrustStore":"","cnPersistenceType":"sql","cnPrometheusPort":"","config":{"enabled":true},"config-api":{"adminUiAppLoggers":{"adminUiAuditLogLevel":"INFO","adminUiAuditLogTarget":"FILE","adminUiLogLevel":"INFO","adminUiLogTarget":"FILE"},"appLoggers":{"configApiLogLevel":"INFO","configApiLogTarget":"STDOUT","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"configApiServerServiceName":"config-api","enabled":true},"configAdapterName":"kubernetes","configSecretAdapter":"kubernetes","distribution":"default","fido2":{"appLoggers":{"fido2LogLevel":"INFO","fido2LogTarget":"STDOUT","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE"},"enabled":true,"fido2ServiceName":"fido2"},"fqdn":"demoexample.gluu.org","gcePdStorageType":"pd-standard","isFqdnRegistered":false,"istio":{"additionalAnnotations":{},"additionalLabels":{},"enabled":false,"ingress":false,"namespace":"istio-system"},"jobTtlSecondsAfterFinished":300,"lbIp":"22.22.22.22","nginx-ingress":{"enabled":true},"opendj":{"enabled":false,"ldapServiceName":"opendj"},"oxpassport":{"enabled":false,"oxPassportServiceName":"oxpassport"},"oxshibboleth":{"enabled":false,"oxShibbolethServiceName":"oxshibboleth"},"persistence":{"enabled":true},"scim":{"appLoggers":{"ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scimLogLevel":"INFO","scimLogTarget":"STDOUT","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"enabled":true,"scimServiceName":"scim"},"storageClass":{"allowVolumeExpansion":true,"allowedTopologies":[],"mountOptions":["debug"],"parameters":{},"provisioner":"microk8s.io/hostpath","reclaimPolicy":"Retain","volumeBindingMode":"WaitForFirstConsumer"},"upgrade":{"enabled":false},"usrEnvs":{"normal":{},"secret":{}}}` | Parameters used globally across all services helm charts. |
+| global | object | `{"admin-ui":{"adminUiServiceName":"admin-ui","enabled":true},"alb":{"ingress":false},"auth-server":{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","httpLogLevel":"INFO","httpLogTarget":"FILE","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"authEncKeys":"RSA1_5 RSA-OAEP","authServerServiceName":"auth-server","authSigKeys":"RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512","enabled":true},"auth-server-key-rotation":{"enabled":false},"awsStorageType":"io1","azureStorageAccountType":"Standard_LRS","azureStorageKind":"Managed","casa":{"casaServiceName":"casa","enabled":true},"client-api":{"appLoggers":{"clientApiLogLevel":"INFO","clientApiLogTarget":"STDOUT","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"clientApiServerServiceName":"client-api","enabled":false},"cloud":{"testEnviroment":false},"cnDocumentStoreType":"LOCAL","cnGoogleApplicationCredentials":"/etc/jans/conf/google-credentials.json","cnObExtSigningAlias":"","cnObExtSigningJwksCrt":"","cnObExtSigningJwksKey":"","cnObExtSigningJwksKeyPassPhrase":"","cnObExtSigningJwksUri":"","cnObStaticSigningKeyKid":"","cnObTransportAlias":"","cnObTransportCrt":"","cnObTransportKey":"","cnObTransportKeyPassPhrase":"","cnObTransportTrustStore":"","cnPersistenceType":"sql","cnPrometheusPort":"","config":{"enabled":true},"config-api":{"adminUiAppLoggers":{"adminUiAuditLogLevel":"INFO","adminUiAuditLogTarget":"FILE","adminUiLogLevel":"INFO","adminUiLogTarget":"FILE"},"appLoggers":{"configApiLogLevel":"INFO","configApiLogTarget":"STDOUT","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"configApiServerServiceName":"config-api","enabled":true},"configAdapterName":"kubernetes","configSecretAdapter":"kubernetes","distribution":"default","fido2":{"appLoggers":{"fido2LogLevel":"INFO","fido2LogTarget":"STDOUT","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE"},"enabled":true,"fido2ServiceName":"fido2"},"fqdn":"demoexample.gluu.org","gcePdStorageType":"pd-standard","isFqdnRegistered":false,"istio":{"additionalAnnotations":{},"additionalLabels":{},"enabled":false,"gateways":[],"ingress":false,"namespace":"istio-system"},"jobTtlSecondsAfterFinished":300,"lbIp":"22.22.22.22","nginx-ingress":{"enabled":true},"opendj":{"enabled":false,"ldapServiceName":"opendj"},"oxpassport":{"enabled":false,"oxPassportServiceName":"oxpassport"},"oxshibboleth":{"enabled":false,"oxShibbolethServiceName":"oxshibboleth"},"persistence":{"enabled":true},"scim":{"appLoggers":{"ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scimLogLevel":"INFO","scimLogTarget":"STDOUT","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"enabled":true,"scimServiceName":"scim"},"storageClass":{"allowVolumeExpansion":true,"allowedTopologies":[],"mountOptions":["debug"],"parameters":{},"provisioner":"microk8s.io/hostpath","reclaimPolicy":"Retain","volumeBindingMode":"WaitForFirstConsumer"},"upgrade":{"enabled":false},"usrEnvs":{"normal":{},"secret":{}}}` | Parameters used globally across all services helm charts. |
 | global.admin-ui.adminUiServiceName | string | `"admin-ui"` | Name of the admin-ui service. Please keep it as default. |
-| global.admin-ui.enabled | bool | `false` | Boolean flag to enable/disable the admin-ui chart and admin ui config api plugin. |
+| global.admin-ui.enabled | bool | `true` | Boolean flag to enable/disable the admin-ui chart and admin ui config api plugin. |
 | global.alb.ingress | bool | `false` | Activates ALB ingress |
 | global.auth-server-key-rotation.enabled | bool | `false` | Boolean flag to enable/disable the auth-server-key rotation cronjob chart. |
 | global.auth-server.appLoggers | object | `{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","httpLogLevel":"INFO","httpLogTarget":"FILE","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"}` | App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. |
@@ -383,6 +383,7 @@ Kubernetes: `>=v1.21.0-0`
 | global.istio.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} |
 | global.istio.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} |
 | global.istio.enabled | bool | `false` | Boolean flag that enables using istio side-cars with Gluu services. |
+| global.istio.gateways | list | `[]` | Override the gateway that can be created from global.istio.ingress. This is used when istio ingress has already been setup and the gateway exists. global.istio.ingress must be set to false otherwise the override will not work. |
 | global.istio.ingress | bool | `false` | Boolean flag that enables using istio gateway for Gluu. This assumes istio ingress is installed and hence the LB is available. |
 | global.istio.namespace | string | `"istio-system"` | The namespace istio is deployed in. The is normally istio-system. |
 | global.jobTtlSecondsAfterFinished | int | `300` | https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |

diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/Chart.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/Chart.yaml
@@ -1,7 +1,7 @@
 # All Rights Reserved © 2021
 apiVersion: v2
 name: admin-ui
-version: 5.0.6
+version: 5.0.7
 kubeVersion: ">=v1.21.0-0"
 description: Admin GUI. Requires license.
 type: application

diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/README.md b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/README.md
@@ -1,6 +1,6 @@
 # admin-ui
 
-![Version: 5.0.6](https://img.shields.io/badge/Version-5.0.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
+![Version: 5.0.7](https://img.shields.io/badge/Version-5.0.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
 
 Admin GUI. Requires license.
 

diff --git a/...u/kubernetes/templates/helm/gluu/charts/admin-ui/templates/admin-ui-virtual-services.yaml b/...u/kubernetes/templates/helm/gluu/charts/admin-ui/templates/admin-ui-virtual-services.yaml
@@ -18,8 +18,13 @@ metadata:
 spec:
   hosts:
   - {{ .Values.global.fqdn }}
+{{- if and (.Values.global.istio.gateways) (not .Values.global.istio.ingress) }}
   gateways:
-  - {{ .Release.Name }}-global-gtw # can omit the namespace if gateway is in same namespace as virtual service.
+{{ toYaml .Values.global.istio.gateways | indent 2 }}
+{{- else }}
+  gateways:
+  - {{ .Release.Name }}-global-gtw
+{{- end }}
   http:
   - name: "{{ .Release.Name }}-istio-cn"
     match:

diff --git a/...cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/Chart.yaml b/...cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/Chart.yaml
@@ -1,7 +1,7 @@
 
 apiVersion: v2
 name: auth-server-key-rotation
-version: 5.0.6
+version: 5.0.7
 kubeVersion: ">=v1.21.0-0"
 description: Responsible for regenerating auth-keys per x hours
 type: application

diff --git a/...pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/README.md b/...pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/README.md
@@ -1,6 +1,6 @@
 # auth-server-key-rotation
 
-![Version: 5.0.6](https://img.shields.io/badge/Version-5.0.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
+![Version: 5.0.7](https://img.shields.io/badge/Version-5.0.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
 
 Responsible for regenerating auth-keys per x hours
 

diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/Chart.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/Chart.yaml
@@ -1,7 +1,7 @@
 
 apiVersion: v2
 name: auth-server
-version: 5.0.6
+version: 5.0.7
 kubeVersion: ">=v1.21.0-0"
 description: OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing.
 type: application

diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/README.md b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/README.md
@@ -1,6 +1,6 @@
 # auth-server
 
-![Version: 5.0.6](https://img.shields.io/badge/Version-5.0.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
+![Version: 5.0.7](https://img.shields.io/badge/Version-5.0.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
 
 OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing.
 

diff --git a/...rnetes/templates/helm/gluu/charts/auth-server/templates/auth-server-virtual-services.yaml b/...rnetes/templates/helm/gluu/charts/auth-server/templates/auth-server-virtual-services.yaml
@@ -18,8 +18,13 @@ metadata:
 spec:
   hosts:
   - {{ .Values.global.fqdn }}
+{{- if and (.Values.global.istio.gateways) (not .Values.global.istio.ingress) }}
   gateways:
-  - {{ .Release.Name }}-global-gtw # can omit the namespace if gateway is in same namespace as virtual service.
+{{ toYaml .Values.global.istio.gateways | indent 2 }}
+{{- else }}
+  gateways:
+  - {{ .Release.Name }}-global-gtw
+{{- end }}
   http:
   - name: "{{ .Release.Name }}-istio-openid-config"
     match:

diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/casa/Chart.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/casa/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: casa
-version: 5.0.6
+version: 5.0.7
 kubeVersion: ">=v1.21.0-0"
 description: Gluu Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server.
 type: application

diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/casa/README.md b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/casa/README.md
@@ -1,6 +1,6 @@
 # casa
 
-![Version: 5.0.6](https://img.shields.io/badge/Version-5.0.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
+![Version: 5.0.7](https://img.shields.io/badge/Version-5.0.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
 
 Gluu Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server.
 

diff --git a/...up/pygluu/kubernetes/templates/helm/gluu/charts/casa/templates/casa-virtual-services.yaml b/...up/pygluu/kubernetes/templates/helm/gluu/charts/casa/templates/casa-virtual-services.yaml
@@ -16,8 +16,13 @@ metadata:
 {{ toYaml .Values.additionalAnnotations | indent 4 }}
 {{- end }}
 spec:
+{{- if and (.Values.global.istio.gateways) (not .Values.global.istio.ingress) }}
+  gateways:
+{{ toYaml .Values.global.istio.gateways | indent 2 }}
+{{- else }}
   gateways:
   - {{ .Release.Name }}-global-gtw
+{{- end }}
   hosts:
   - {{ .Values.global.fqdn }}
   http:

diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/client-api/Chart.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/client-api/Chart.yaml
@@ -1,7 +1,7 @@
 
 apiVersion: v2
 name: client-api
-version: 5.0.6
+version: 5.0.7
 kubeVersion: ">=v1.21.0-0"
 description: Middleware API to help application developers call an OAuth, OpenID or UMA server. You may wonder why this is necessary. It makes it easier for client developers to use OpenID signing and encryption features, without becoming crypto experts. This API provides some high level endpoints to do some of the heavy lifting.
 type: application

diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/client-api/README.md b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/client-api/README.md
@@ -1,6 +1,6 @@
 # client-api
 
-![Version: 5.0.6](https://img.shields.io/badge/Version-5.0.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
+![Version: 5.0.7](https://img.shields.io/badge/Version-5.0.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
 
 Middleware API to help application developers call an OAuth, OpenID or UMA server. You may wonder why this is necessary. It makes it easier for client developers to use OpenID signing and encryption features, without becoming crypto experts. This API provides some high level endpoints to do some of the heavy lifting.