diff -tubr istio/manifests/charts/gateways/istio-ingress/templates/_affinity.tpl istio.zdt/manifests/charts/gateways/istio-ingress/templates/_affinity.tpl
--- istio/manifests/charts/gateways/istio-ingress/templates/_affinity.tpl	2021-07-15 07:32:30.000000000 +0200
+++ istio.zdt/manifests/charts/gateways/istio-ingress/templates/_affinity.tpl	2021-08-10 15:49:57.298616463 +0200
@@ -21,11 +21,16 @@
         {{- end }}
         {{- $nodeSelector := default .global.defaultNodeSelector .nodeSelector -}}
         {{- range $key, $val := $nodeSelector }}
+        {{- if eq $val "Exists" }}
+        - key: {{ $key }}
+          operator: Exists
+        {{- else }}
         - key: {{ $key }}
           operator: In
           values:
           - {{ $val | quote }}
         {{- end }}
+        {{- end }}
 {{- end }}
 
 {{- define "nodeAffinityPreferredDuringScheduling" }}
diff -tubr istio/manifests/charts/gateways/istio-ingress/templates/deployment.yaml istio.zdt/manifests/charts/gateways/istio-ingress/templates/deployment.yaml
--- istio/manifests/charts/gateways/istio-ingress/templates/deployment.yaml	2021-07-15 07:32:30.000000000 +0200
+++ istio.zdt/manifests/charts/gateways/istio-ingress/templates/deployment.yaml	2021-08-10 15:46:23.216421660 +0200
@@ -16,6 +16,8 @@
 {{- if $gateway.replicaCount }}
   replicas: {{ $gateway.replicaCount }}
 {{- end }}
+  # Give the LB 120s to detect and take into service, should only be 40s by we are on AWS so ??
+  minReadySeconds: 120
 {{- end }}
   selector:
     matchLabels:
@@ -65,6 +67,7 @@
 {{- if .Values.global.priorityClassName }}
       priorityClassName: "{{ .Values.global.priorityClassName }}"
 {{- end }}
+      terminationGracePeriodSeconds: 120
 {{- if .Values.global.proxy.enableCoreDump }}
       initContainers:
         - name: enable-core-dump
@@ -136,6 +139,11 @@
             privileged: false
             readOnlyRootFilesystem: true
         {{- end }}
+          #This needs kube-proxy support coming with 1.22 hopefully, cilium ?
+          #lifecycle:
+          #  preStop:
+          #    exec:
+          #      command: ["/bin/sh","-c","sleep 30"]
           readinessProbe:
             failureThreshold: 30
             httpGet:
diff -tubr istio/manifests/charts/gateways/istio-ingress/templates/service.yaml istio.zdt/manifests/charts/gateways/istio-ingress/templates/service.yaml
--- istio/manifests/charts/gateways/istio-ingress/templates/service.yaml	2021-07-15 07:32:30.000000000 +0200
+++ istio.zdt/manifests/charts/gateways/istio-ingress/templates/service.yaml	2021-08-10 19:58:01.037876557 +0200
@@ -34,9 +34,11 @@
     {{- range $key, $val := $gateway.ports }}
     -
       {{- range $pkey, $pval := $val }}
+      {{- if has $pkey (list "name" "nodePort" "port" "targetPort") }}
       {{ $pkey}}: {{ $pval }}
       {{- end }}
     {{- end }}
+    {{- end }}
 
   {{ range $app := $gateway.ingressPorts }}
     -
diff -tubr istio/manifests/charts/istio-control/istio-discovery/templates/deployment.yaml istio.zdt/manifests/charts/istio-control/istio-discovery/templates/deployment.yaml
--- istio/manifests/charts/istio-control/istio-discovery/templates/deployment.yaml	2021-07-15 07:32:30.000000000 +0200
+++ istio.zdt/manifests/charts/istio-control/istio-discovery/templates/deployment.yaml	2021-08-10 15:46:23.216421660 +0200
@@ -60,6 +60,9 @@
 {{- end }}
       securityContext:
         fsGroup: 1337
+      tolerations:
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/master
       containers:
         - name: discovery
 {{- if contains "/" .Values.pilot.image }}