Supporting Istio version 1.3.0

This release of Citrix `istio-adaptor` is compatible with Istio Version 1.3.0

Author: subashd

README.md

@@ -12,7 +12,7 @@
 
 ## Description
 
-This repository contains various integrations of [Citrix ADC](https://www.citrix.com/products/citrix-adc/platforms.html) with [Istio 1.1.2](https://istio.io/).
+This repository contains various integrations of [Citrix ADC](https://www.citrix.com/products/citrix-adc/platforms.html) with [Istio 1.3.0](https://istio.io/).
 
 # Table of Contents
 
@@ -110,7 +110,7 @@ The detailed list of fields supported on Citrix ADC as per the Istio CRDs (Desti
 
 ## <a name="release-notes">Release Notes</a>
 
-Click [here](docs/release-notes.md) for the release notes of the latest Citrix `istio-adaptor`.
+Click [here](https://github.com/citrix/citrix-istio-adaptor/releases) for the release notes of the latest Citrix `istio-adaptor`.
 
 ## <a name="contributions">Contributions</a>
 

Version

@@ -1 +1 @@
-1.0.0
+1.1.0

adsclient/ads_client.go

@@ -114,9 +114,11 @@ func cdsHandler(client *AdsClient, m *xdsapi.DiscoveryResponse) {
 	clusterNames := make(map[string]bool)
 	edsResources := make(map[string]interface{})
 	requestEds := false
+	// Before Istio v1.3, DiscoveryResponse had Resources field declared as []types.Any.
+	// From v1.3 onwards, Resources field is declared as []*types.Any.
 	cdsResource := &xdsapi.Cluster{}
 	for _, resource := range m.Resources {
-		if err := types.UnmarshalAny(&resource, cdsResource); err != nil {
+		if err := types.UnmarshalAny(resource, cdsResource); err != nil {
 			continue
 		}
 		clusterNames[cdsResource.Name] = true
@@ -147,9 +149,11 @@ func ldsHandler(client *AdsClient, m *xdsapi.DiscoveryResponse) {
 	ldsResources := make(map[string]interface{})
 	requestRds := false
 	requestCds := false
+	// Before Istio v1.3, DiscoveryResponse had Resources field declared as []types.Any.
+	// From v1.3 onwards, Resources field is declared as []*types.Any.
 	ldsResource := &xdsapi.Listener{}
 	for _, resource := range m.Resources {
-		if err := types.UnmarshalAny(&resource, ldsResource); err != nil {
+		if err := types.UnmarshalAny(resource, ldsResource); err != nil {
 		}
 		ldsResources[ldsResource.Name] = true
 		dependentResources := client.ldsAddHandler(client.nsConfigAdaptor, ldsResource)
@@ -190,7 +194,7 @@ func ldsHandler(client *AdsClient, m *xdsapi.DiscoveryResponse) {
 func edsHandler(client *AdsClient, m *xdsapi.DiscoveryResponse) {
 	edsResource := &xdsapi.ClusterLoadAssignment{}
 	for _, resource := range m.Resources {
-		if err := types.UnmarshalAny(&resource, edsResource); err != nil {
+		if err := types.UnmarshalAny(resource, edsResource); err != nil {
 		}
 		if _, ok := client.apiRequests[edsURL].resources[edsResource.GetClusterName()]; !ok {
 			log.Printf("[ERROR]: received an EDS resource that we haven't yet subscribed for %s ... ignoring", edsResource.GetClusterName())
@@ -205,7 +209,7 @@ func rdsHandler(client *AdsClient, m *xdsapi.DiscoveryResponse) {
 	rdsToLds := make(map[string][]*xdsapi.RouteConfiguration)
 	for _, resource := range m.Resources {
 		rdsResource := &xdsapi.RouteConfiguration{}
-		if err := types.UnmarshalAny(&resource, rdsResource); err != nil {
+		if err := types.UnmarshalAny(resource, rdsResource); err != nil {
 			continue
 		}
 		if _, ok := client.apiRequests[rdsURL].resources[rdsResource.GetName()]; !ok {

adsclient/ads_handler.go

@@ -17,12 +17,15 @@ import (
 	"citrix-istio-adaptor/nsconfigengine"
 	"fmt"
 	xdsapi "github.com/envoyproxy/go-control-plane/envoy/api/v2"
+	core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core"
+	xdsListener "github.com/envoyproxy/go-control-plane/envoy/api/v2/listener"
 	xdsRoute "github.com/envoyproxy/go-control-plane/envoy/api/v2/route"
 	envoyFault "github.com/envoyproxy/go-control-plane/envoy/config/filter/http/fault/v2"
 	envoyFilterHttp "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/http_connection_manager/v2"
 	envoyFilterTcp "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/tcp_proxy/v2"
 	envoyType "github.com/envoyproxy/go-control-plane/envoy/type"
 	envoyUtil "github.com/envoyproxy/go-control-plane/pkg/util"
+	proto "github.com/gogo/protobuf/proto"
 	types "github.com/gogo/protobuf/types"
 	istioAuth "istio.io/api/authentication/v1alpha1"
 	istioFilter "istio.io/api/envoy/config/filter/http/authn/v2alpha1"
@@ -132,6 +135,30 @@ func clusterAdd(nsConfig *configAdaptor, cluster *xdsapi.Cluster, data interface
 				RootCertFilename:   cluster.GetTlsContext().GetCommonTlsContext().GetValidationContext().GetTrustedCa().GetFilename()})
 		}
 	}
+	/* Outlier Detection */
+	if serviceType == "HTTP" && cluster.GetOutlierDetection() != nil {
+		lbObj.LbMonitorObj = new(nsconfigengine.LBMonitor)
+		lbObj.LbMonitorObj.Retries = int(cluster.GetOutlierDetection().GetConsecutiveGatewayFailure().GetValue())
+		if cluster.GetOutlierDetection().GetInterval() != nil {
+			if cluster.GetOutlierDetection().GetInterval().GetNanos() != 0 { // If units are in Nano seconds, convert all to milli seconds as Citrix ADC understands that as smallest unit
+				lbObj.LbMonitorObj.Interval = int(cluster.GetOutlierDetection().GetInterval().GetSeconds()*1000) + int(cluster.GetOutlierDetection().GetInterval().GetNanos())/valueNameToNum["MILLION"]
+				lbObj.LbMonitorObj.IntervalUnits = "MSEC"
+			} else {
+				lbObj.LbMonitorObj.Interval = int(cluster.GetOutlierDetection().GetInterval().GetSeconds())
+				lbObj.LbMonitorObj.IntervalUnits = "SEC"
+			}
+		}
+		if cluster.GetOutlierDetection().GetBaseEjectionTime() != nil {
+			if cluster.GetOutlierDetection().GetBaseEjectionTime().GetNanos() != 0 {
+				lbObj.LbMonitorObj.DownTime = int(cluster.GetOutlierDetection().GetBaseEjectionTime().GetSeconds()*1000) + int(cluster.GetOutlierDetection().GetBaseEjectionTime().GetNanos())/valueNameToNum["MILLION"]
+				lbObj.LbMonitorObj.DownTimeUnits = "MSEC"
+			} else {
+				lbObj.LbMonitorObj.DownTime = int(cluster.GetOutlierDetection().GetBaseEjectionTime().GetSeconds())
+				lbObj.LbMonitorObj.DownTimeUnits = "SEC"
+			}
+		}
+	}
+
 	nsConfig.addConfig(&configBlock{configType: cdsAdd, resourceName: lbObj.Name, resource: lbObj})
 	if (cluster.GetType() == xdsapi.Cluster_STATIC) || (cluster.GetType() == xdsapi.Cluster_STRICT_DNS) {
 		if cluster.GetLoadAssignment() != nil {
@@ -169,7 +196,7 @@ func getAuthConfig(nsConfig *configAdaptor, listenerName string, httpFilters []*
 		switch httpFilter.GetName() {
 		case "istio_authn":
 			filterConfig := &istioFilter.FilterConfig{}
-			if err := envoyUtil.StructToMessage(httpFilter.GetConfig(), filterConfig); err == nil {
+			if err := getHTTPFilterConfig(httpFilter, filterConfig); err == nil {
 				authnPolicy := filterConfig.GetPolicy()
 				for _, origin := range authnPolicy.GetOrigins() {
 					authSpec := &nsconfigengine.AuthSpec{Name: nsconfigengine.GetNSCompatibleName(listenerName), Issuer: origin.GetJwt().GetIssuer(), JwksURI: origin.GetJwt().GetJwksUri(), Audiences: origin.GetJwt().GetAudiences()}
@@ -184,6 +211,8 @@ func getAuthConfig(nsConfig *configAdaptor, listenerName string, httpFilters []*
 					authSpec.FrontendTLS = append(authSpec.FrontendTLS, nsconfigengine.SSLSpec{CertFilename: clientCertFile, PrivateKeyFilename: clientKeyFile, RootCertFilename: cacertFile})
 					return authSpec
 				}
+			} else {
+				log.Printf("[TRACE] getHTTPFilterConfig returned error!")
 			}
 			break
 		}
@@ -224,10 +253,21 @@ func getListenerConfig(nsConfig *configAdaptor, listener *xdsapi.Listener, servi
 	return csObj
 }
 
+func isSNIListener(filterChain *xdsListener.FilterChain) bool {
+	if filterChain.GetFilterChainMatch().GetServerNames() != nil {
+		return true
+	}
+	return false
+}
+
 func getListenerType(l *xdsapi.Listener) (string, string, string, error) {
 	listenerAddress := l.GetAddress()
 	tlsContextExists := false
 	for _, filterChain := range l.GetFilterChains() {
+		// TODO: Handling FilterChainMatch case.
+		if l.GetTrafficDirection() != core.TrafficDirection_INBOUND && filterChain.GetFilterChainMatch() != nil && isSNIListener(filterChain) == false {
+			continue
+		}
 		if filterChain.GetTlsContext() != nil {
 			tlsContextExists = true
 		}
@@ -252,12 +292,40 @@ func getListenerType(l *xdsapi.Listener) (string, string, string, error) {
 	return "", "", "", fmt.Errorf("Unknown filter type")
 }
 
+func getListenerFilterConfig(filter *xdsListener.Filter, out proto.Message) error {
+	switch c := filter.ConfigType.(type) {
+	case *xdsListener.Filter_Config:
+		if err := envoyUtil.StructToMessage(c.Config, out); err != nil {
+			return err
+		}
+	case *xdsListener.Filter_TypedConfig:
+		if err := types.UnmarshalAny(c.TypedConfig, out); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func getHTTPFilterConfig(filter *envoyFilterHttp.HttpFilter, out proto.Message) error {
+	switch c := filter.ConfigType.(type) {
+	case *envoyFilterHttp.HttpFilter_Config:
+		if err := envoyUtil.StructToMessage(c.Config, out); err != nil {
+			return err
+		}
+	case *envoyFilterHttp.HttpFilter_TypedConfig:
+		if err := types.UnmarshalAny(c.TypedConfig, out); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
 func listenerAdd(nsConfig *configAdaptor, listener *xdsapi.Listener) map[string]interface{} {
 	log.Printf("[TRACE] listenerAdd : %s", listener.GetName())
 	log.Printf("[TRACE] listenerAdd : %v", listener)
 	filterType, csVserverType, serviceType, err := getListenerType(listener)
 	if err != nil {
-		log.Printf("[ERROR] listenerAdd : getListenerType failed with - %v", err)
+		log.Printf("[ERROR] listenerAdd %s: getListenerType failed with - %v", listener.GetName(), err)
 		return nil
 	}
 	csObj := getListenerConfig(nsConfig, listener, csVserverType)
@@ -274,11 +342,17 @@ func listenerAdd(nsConfig *configAdaptor, listener *xdsapi.Listener) map[string]
 		rdsNames = make([]string, 0)
 	}
 	for _, filterChain := range listener.GetFilterChains() {
+		// TODO: Handling FilterChainMatch case.
+		// Need to create another CS vserver of filter-type with CS policy associated with FilterChainMatch
+		if listener.GetTrafficDirection() != core.TrafficDirection_INBOUND && filterChain.GetFilterChainMatch() != nil && isSNIListener(filterChain) == false {
+			continue
+		}
 		for _, filter := range filterChain.GetFilters() {
 			switch filterName := filter.GetName(); filterName {
 			case envoyUtil.HTTPConnectionManager:
 				httpCM := &envoyFilterHttp.HttpConnectionManager{}
-				if err := envoyUtil.StructToMessage(filter.GetConfig(), httpCM); err != nil {
+				//if err := envoyUtil.StructToMessage(filter.GetConfig(), httpCM); err != nil {
+				if err := getListenerFilterConfig(filter, httpCM); err != nil {
 					log.Printf("[ERROR] listenerAdd: Error loading http connection manager: %v", err)
 				} else {
 					csObj.AuthSpec = getAuthConfig(nsConfig, csObj.Name, httpCM.GetHttpFilters())
@@ -292,7 +366,8 @@ func listenerAdd(nsConfig *configAdaptor, listener *xdsapi.Listener) map[string]
 				}
 			case envoyUtil.TCPProxy:
 				tcpProxy := &envoyFilterTcp.TcpProxy{}
-				if err := envoyUtil.StructToMessage(filter.GetConfig(), tcpProxy); err != nil {
+				//if err := envoyUtil.StructToMessage(filter.GetConfig(), tcpProxy); err != nil {
+				if err := getListenerFilterConfig(filter, tcpProxy); err != nil {
 					log.Printf("[ERROR] listenerAdd: Error loading tcp proxy filter: %v", err)
 				} else {
 					if tcpProxy.GetCluster() != "" {
@@ -406,11 +481,11 @@ func getPersistencyPolicy(hashPolicy []*xdsRoute.RouteAction_HashPolicy) *nsconf
 	return persistency
 }
 
-func getFault(perFilterConfig map[string]*types.Struct) nsconfigengine.Fault {
+func getFault(typedPerFilterConfig map[string]*types.Any) nsconfigengine.Fault {
 	fault := nsconfigengine.Fault{}
-	if _, ok := perFilterConfig[envoyUtil.Fault]; ok {
+	if _, ok := typedPerFilterConfig[envoyUtil.Fault]; ok {
 		envoyFaultConfig := &envoyFault.HTTPFault{}
-		if err := envoyUtil.StructToMessage(perFilterConfig[envoyUtil.Fault], envoyFaultConfig); err == nil {
+		if err := types.UnmarshalAny(typedPerFilterConfig[envoyUtil.Fault], envoyFaultConfig); err == nil {
 			if envoyFaultConfig.GetAbort() != nil {
 				percent := envoyFaultConfig.GetAbort().GetPercentage()
 				numerator := percent.GetNumerator()
@@ -462,12 +537,13 @@ func routeUpdate(nsConfig *configAdaptor, routes []*xdsapi.RouteConfiguration, d
 					rule.Headers = append(rule.Headers, nsconfigengine.MatchHeader{Name: headers.GetName(), Exact: headers.GetExactMatch(), Prefix: headers.GetRegexMatch(), Regex: headers.GetPrefixMatch()})
 				}
 				binding.Rule = rule
-				if vroute.GetPerFilterConfig() != nil {
-					binding.Fault = getFault(vroute.GetPerFilterConfig())
+				if vroute.GetTypedPerFilterConfig() != nil {
+					binding.Fault = getFault(vroute.GetTypedPerFilterConfig())
 				}
 				binding.RwPolicy.PrefixRewrite = vroute.GetRoute().GetPrefixRewrite()
 				binding.RwPolicy.HostRewrite = vroute.GetRoute().GetHostRewrite()
-				for _, reqAddHeader := range vroute.GetRoute().GetRequestHeadersToAdd() {
+				//for _, reqAddHeader := range vroute.GetRoute().GetRequestHeadersToAdd()  OLD - 1.1.2
+				for _, reqAddHeader := range vroute.GetRequestHeadersToAdd() {
 					binding.RwPolicy.AddHeaders = append(binding.RwPolicy.AddHeaders, nsconfigengine.RwHeader{Key: reqAddHeader.GetHeader().GetKey(), Value: reqAddHeader.GetHeader().GetValue()})
 				}
 				var persistency *nsconfigengine.PersistencyPolicy

adsclient/ads_handler_test.go

@@ -90,7 +90,7 @@ func getNsConfAdaptor() *configAdaptor {
 func verifyObject(nsConfAdaptor *configAdaptor, configType discoveryType, resourceName string, expectedResource interface{}, expectedResponse interface{}, receivedResponse interface{}) error {
 	compare := reflect.DeepEqual(expectedResponse, receivedResponse)
 	if compare == false {
-		return fmt.Errorf("Expected response: %s/%+v    Recevied resource:%s/%+v", reflect.TypeOf(expectedResponse).String(), expectedResponse, reflect.TypeOf(receivedResponse).String(), receivedResponse)
+		return fmt.Errorf("Expected response: %s/%+v    Received resource:%s/%+v", reflect.TypeOf(expectedResponse).String(), expectedResponse, reflect.TypeOf(receivedResponse).String(), receivedResponse)
 	}
 	confBl, err := nsConfAdaptor.getConfigByName(nsconfigengine.GetNSCompatibleName(resourceName), configType)
 	if err != nil {
@@ -99,7 +99,7 @@ func verifyObject(nsConfAdaptor *configAdaptor, configType discoveryType, resour
 	log.Printf("Comapring %v with %v", confBl.resource, expectedResource)
 	compare = reflect.DeepEqual(confBl.resource, expectedResource)
 	if compare == false {
-		return fmt.Errorf("Expected resource:%s/%+v    Recevied resource:%s/%+v", reflect.TypeOf(expectedResource).String(), expectedResource, reflect.TypeOf(confBl.resource).String(), confBl.resource)
+		return fmt.Errorf("Expected resource:%s/%+v    Received resource:%s/%+v", reflect.TypeOf(expectedResource).String(), expectedResource, reflect.TypeOf(confBl.resource).String(), confBl.resource)
 	}
 	return nil
 }
@@ -109,11 +109,19 @@ func Test_clusterAdd(t *testing.T) {
 	nsConfAdaptor := getNsConfAdaptor()
 
 	log.Println("HTTP cluster add")
+	cds.OutlierDetection = &v2Cluster.OutlierDetection{Interval: &types.Duration{Seconds: int64(5), Nanos: int32(100000000)}, BaseEjectionTime: &types.Duration{Seconds: int64(7)}, ConsecutiveGatewayFailure: &types.UInt32Value{Value: uint32(9)}}
 	lbObj := &nsconfigengine.LBApi{Name: "c1", FrontendServiceType: "HTTP", LbMethod: "ROUNDROBIN", BackendServiceType: "HTTP", MaxConnections: 1024, MaxHTTP2ConcurrentStreams: 1000, NetprofileName: "k8s"}
+	lbObj.LbMonitorObj = new(nsconfigengine.LBMonitor)
+	lbObj.LbMonitorObj.Retries = 9
+	lbObj.LbMonitorObj.Interval = 5100
+	lbObj.LbMonitorObj.IntervalUnits = "MSEC"
+	lbObj.LbMonitorObj.DownTime = 7
+	lbObj.LbMonitorObj.DownTimeUnits = "SEC"
 	err := verifyObject(nsConfAdaptor, cdsAdd, "c1", lbObj, "c1", clusterAdd(nsConfAdaptor, cds, "HTTP"))
 	if err != nil {
 		t.Errorf("Verification failed - %v", err)
 	}
+	lbObj.LbMonitorObj = nil
 
 	log.Println("TCP cluster add")
 	lbObj.FrontendServiceType = "TCP"
@@ -127,16 +135,23 @@ func Test_clusterAdd(t *testing.T) {
 	cds.CircuitBreakers = &v2Cluster.CircuitBreakers{Thresholds: []*v2Cluster.CircuitBreakers_Thresholds{&v2Cluster.CircuitBreakers_Thresholds{MaxConnections: &types.UInt32Value{Value: uint32(500)}, MaxRequests: &types.UInt32Value{Value: uint32(750)}}}}
 	cds.MaxRequestsPerConnection = &types.UInt32Value{Value: uint32(100)}
 	cds.TlsContext = &auth.UpstreamTlsContext{CommonTlsContext: env.MakeTLSContext("/etc/certs/server-cert.crt", "/etc/certs/server-key.key", "")}
+	cds.OutlierDetection = &v2Cluster.OutlierDetection{Interval: &types.Duration{Seconds: int64(21000)}, BaseEjectionTime: &types.Duration{Seconds: int64(7), Nanos: int32(500000000)}}
 	lbObj.FrontendServiceType = "HTTP"
 	lbObj.BackendServiceType = "SSL"
 	lbObj.MaxConnections = 500
 	lbObj.MaxRequestsPerConnection = 100
 	lbObj.MaxHTTP2ConcurrentStreams = 750
 	lbObj.BackendTLS = []nsconfigengine.SSLSpec{{SNICert: false, CertFilename: "/etc/certs/server-cert.crt", PrivateKeyFilename: "/etc/certs/server-key.key"}}
+	lbObj.LbMonitorObj = new(nsconfigengine.LBMonitor)
+	lbObj.LbMonitorObj.Interval = 21000
+	lbObj.LbMonitorObj.IntervalUnits = "SEC"
+	lbObj.LbMonitorObj.DownTime = 7500
+	lbObj.LbMonitorObj.DownTimeUnits = "MSEC"
 	err = verifyObject(nsConfAdaptor, cdsAdd, "c1", lbObj, "c1", clusterAdd(nsConfAdaptor, cds, "HTTP"))
 	if err != nil {
 		t.Errorf("Verification failed - %v", err)
 	}
+	lbObj.LbMonitorObj = nil
 
 	log.Println("SSL_TCP cluster add")
 	lbObj.FrontendServiceType = "TCP"
@@ -145,7 +160,6 @@ func Test_clusterAdd(t *testing.T) {
 	if err != nil {
 		t.Errorf("Verification failed - %v", err)
 	}
-
 }
 
 func Test_clusterDel(t *testing.T) {

adsclient/nsconf_adaptor.go

@@ -166,7 +166,7 @@ func (confAdaptor *configAdaptor) sidecarBootstrapConfig() error {
 
 func (confAdaptor *configAdaptor) bootstrapConfig() error {
 	var err error
-	err = confAdaptor.client.EnableFeatures([]string{"lb", "cs", "ssl", "rewrite", "responder", "aaa"})
+	err = confAdaptor.client.EnableFeatures([]string{"lb", "cs", "ssl", "rewrite", "responder"})
 	if err != nil {
 		return err
 	}
@@ -184,7 +184,13 @@ func (confAdaptor *configAdaptor) bootstrapConfig() error {
 		// Dummy HTTP Vserver is added for Redirect Case
 		{ResourceType: netscaler.Lbvserver.Type(), ResourceName: "ns_dummy_http", Resource: lb.Lbvserver{Name: "ns_dummy_http", Servicetype: "HTTP"}},
 		{ResourceType: netscaler.Lbvserver_service_binding.Type(), ResourceName: "ns_dummy_http", Resource: lb.Lbvserverservicebinding{Name: "ns_dummy_http", Servicename: "ns_blackhole_http"}, IgnoreErrors: []string{"Resource already exists"}},
-		{ResourceType: netscaler.Tmsessionparameter.Type(), ResourceName: "", Resource: tm.Tmsessionparameter{Defaultauthorizationaction: "ALLOW"}, Operation: "set"},
+	}
+	err = confAdaptor.client.EnableFeatures([]string{"aaa"})
+	if err != nil {
+		log.Println("[WARN] aaa feature is not enabled and JWT authentication will not work")
+	} else {
+
+		configs = append(configs, nsconfigengine.NsConfigEntity{ResourceType: netscaler.Tmsessionparameter.Type(), ResourceName: "", Resource: tm.Tmsessionparameter{Defaultauthorizationaction: "ALLOW"}, Operation: "set"})
 	}
 	if len(confAdaptor.netProfile) > 0 {
 		netprof := nsconfigengine.NsConfigEntity{

charts/README.md

@@ -1,6 +1,6 @@
 # Citrix ADC CPX in Istio Helm Chart
 
-This repository contains [helm](https://helm.sh) charts for installing Citrix ADC CPX as Ingress Gateway and sidecar proxy in [Istio](https://istio.io)v1.1.2.
+This repository contains [helm](https://helm.sh) charts for installing Citrix ADC CPX as Ingress Gateway and sidecar proxy in [Istio](https://istio.io)v1.3.0.
 
 
 > Note: Charts may require access to kube-system namespace and/or cluster wide permissions for full functionality. Install/configure helm/tiller appropriately.

charts/stable/citrix-adc-istio-ingress-gateway/Chart.yaml

@@ -2,8 +2,8 @@ apiVersion: v1
 appVersion: "1.0"
 description: A Helm chart for Citrix ADC as Ingress Gateway installation in Istio Service Mesh on Kubernetes platform
 name: citrix-adc-istio-ingress-gateway
-version: 1.0.0
-icon: https://github.com/citrix/citrix-istio-adaptor/blob/master/docs/media/Citrix_icon.png 
+version: 1.1.0
+icon: https://raw.githubusercontent.com/citrix/citrix-k8s-ingress-controller/gh-pages/icon.png
 home: https://www.citrix.com
 sources:
 - https://github.com/citrix/citrix-istio-adaptor