diff --git a/charts/kubezero-istio-gateway/values.yaml b/charts/kubezero-istio-gateway/values.yaml
index f99abba3..39a37a87 100644
--- a/charts/kubezero-istio-gateway/values.yaml
+++ b/charts/kubezero-istio-gateway/values.yaml
@@ -33,6 +33,6 @@ certificates: []
 #  dnsNames: []
 
 telemetry:
-  enabled: falser
+  enabled: false
 
 proxyProtocol: true
diff --git a/charts/kubezero/templates/istio-ingress.yaml b/charts/kubezero/templates/istio-ingress.yaml
index d26f8ef2..adec62c1 100644
--- a/charts/kubezero/templates/istio-ingress.yaml
+++ b/charts/kubezero/templates/istio-ingress.yaml
@@ -6,7 +6,12 @@ gateway:
     app: istio-ingressgateway
     istio: ingressgateway
 
-  # Only nodes who are fronted with matching private NLB
+  {{- with index .Values "istio-ingress" "gateway" "replicaCount" }}
+  replicaCount: {{ . }}
+  {{- end }}
+
+  {{- if not (index .Values "istio-ingress" "gateway" "affinity") }}
+  # Only nodes who are fronted with matching LB
   affinity:
     nodeAffinity:
       requiredDuringSchedulingIgnoredDuringExecution:
@@ -23,8 +28,12 @@ gateway:
             values:
             - istio-ingressgateway
         topologyKey: "kubernetes.io/hostname"
+  {{- end }}
 
   service:
+    {{- with index .Values "istio-ingress" "gateway" "service" "type" }}
+    type: {{ . }}
+    {{- end }}
     ports:
     - name: status-port
       port: 15021
@@ -44,6 +53,9 @@ gateway:
       gatewayProtocol: HTTPS
       tls:
         mode: SIMPLE
+    {{- with index .Values "istio-ingress" "gateway" "service" "ports" }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
 
   # custom hardened bootstrap config
   env:
@@ -57,10 +69,6 @@ gateway:
       name: custom-bootstrap-volume
       readOnly: true
 
-  {{- with index .Values "istio-ingress" "gateway" }}
-  {{- toYaml . | nindent 2 }}
-  {{- end }}
-
 telemetry:
   enabled: {{ $.Values.metrics.enabled }}
 certificates:
diff --git a/charts/kubezero/templates/istio-private-ingress.yaml b/charts/kubezero/templates/istio-private-ingress.yaml
index bd6433ea..1d68f907 100644
--- a/charts/kubezero/templates/istio-private-ingress.yaml
+++ b/charts/kubezero/templates/istio-private-ingress.yaml
@@ -10,7 +10,8 @@ gateway:
   replicaCount: {{ . }}
   {{- end }}
 
-  # Only nodes who are fronted with matching private NLB
+  {{- if not (index .Values "istio-private-ingress" "gateway" "affinity") }}
+  # Only nodes who are fronted with matching LB
   affinity:
     nodeAffinity:
       requiredDuringSchedulingIgnoredDuringExecution:
@@ -27,6 +28,7 @@ gateway:
             values:
             - istio-private-ingressgateway
         topologyKey: "kubernetes.io/hostname"
+  {{- end }}
 
   service:
     ports: