diff --git a/chart/templates/istio/controlplane/secret-tls.yaml b/chart/templates/istio/controlplane/secret-tls.yaml
index 887b527ecda2201b0591d35b139b28cfc9dec764..7c154c528b5ca00d1858f9b6522c1bb5f772de18 100644
--- a/chart/templates/istio/controlplane/secret-tls.yaml
+++ b/chart/templates/istio/controlplane/secret-tls.yaml
@@ -6,6 +6,7 @@ For backwards compatibility, get key/cert from .Values.istio.ingress
 {{- $default := .Values.istio.ingress | default dict -}}
 
 {{- range $name, $values := .Values.istio.gateways }}
+{{- if $values.servers }}
 {{- range $index, $servervalues := $values.servers }}
 {{- if or (and (dig "tls" "cert" "" $servervalues) (dig "tls" "key" "" $servervalues)) (and $default.cert $default.key) }}
 apiVersion: v1
@@ -24,6 +25,25 @@ data:
 ---
 {{- end }}
 {{- end }}
+{{/*
+For backwards compatibility, get certificate and key from .Values.istio.gateways.<gateway>.tls
+*/}}
+{{- else if or (and (dig "tls" "cert" "" $values) (dig "tls" "key" "" $values)) (and $default.cert $default.key) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ printf "%s-cert" $name }}
+  namespace: istio-system
+  labels:
+    app.kubernetes.io/name: istio-controlplane
+    app.kubernetes.io/component: "core"
+    {{- include "commonLabels" $ | nindent 4}}
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ default $default.cert $values.tls.cert | b64enc }}
+  tls.key: {{ default $default.key $values.tls.key | b64enc }}
+---
+{{- end }}
 {{- end }}
 
 {{- end }}
diff --git a/chart/templates/istio/controlplane/values.yaml b/chart/templates/istio/controlplane/values.yaml
index a80f1e963fff0a1922c76da3869bab3f1242f9f9..8f599dd8b3253e9980a9778ea05e9cc5fa860cc5 100644
--- a/chart/templates/istio/controlplane/values.yaml
+++ b/chart/templates/istio/controlplane/values.yaml
@@ -69,28 +69,42 @@ gateways:
     autoHttpRedirect:
       enabled: {{ dig "autoHttpRedirect" "enabled" "true" $values }}
     servers:
+    {{- if $values.servers }}
       {{- range $index, $servervalues := $values.servers}}
     - hosts:
       {{- tpl ( $servervalues.hosts | default (list) | toYaml) $ | nindent 8 }}
       port:
+      {{- if $servervalues.port }}
       {{- tpl ( $servervalues.port | default (dict) | toYaml) $ | nindent 8 }}
+      {{- else }}
+        name: https
+        number: 8443
+        protocol: HTTPS
+      {{- end }}
       tls:
         credentialName: {{ $index }}-{{ $name }}-cert
         mode: {{ dig "tls" "mode" "SIMPLE" $servervalues }}
       {{- end }}
-      {{ else }}
-      {{- range $index, $servervalues := $values.servers}}
+    {{- else if ($values.ports) }}
+    {{- range $values.ports }}
     - hosts:
-      {{- tpl ( $servervalues.hosts | default (list) | toYaml) $ | nindent 8 }}
+      {{- tpl ($values.hosts | default (list) | toYaml) $ | nindent 8 }}
+      port:
+      {{- tpl ( . | default (list) | toYaml) $ | nindent 8 }}
+      tls:
+        credentialName: {{ $name }}-cert
+        mode: {{ dig "tls" "mode" "SIMPLE" $values }}
+    {{- end }}
+    {{- else }}
+    - hosts:
+      {{- tpl ($values.hosts | default (list) | toYaml) $ | nindent 8 }}
       port:
         name: https
         number: 8443
         protocol: HTTPS
-      tls:
-        credentialName: {{ $index }}-{{ $name }}-cert
-        mode: {{ dig "tls" "mode" "SIMPLE" $values }}
-      {{- end }}
-      {{- end }}
+    {{- end }}
+    {{- end }}
+
 {{- end }}
 
 {{- define "istio.ingressgateway.k8s" -}}
diff --git a/chart/values.yaml b/chart/values.yaml
index 125886b30747a123c30f93462069adbeb84016bd..5c5177d854337f2b43d6e078cb3b91b86fe246d3 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -155,19 +155,59 @@ istio:
   gateways:
     public:
       ingressGateway: "public-ingressgateway"
-      servers:
-      - hosts:
-          - "*.{{ .Values.domain }}"
-        # -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect.
-        autoHttpRedirect:
-          enabled: true
-        port:
-          name: https
-          number: 8443
+      # DEPCRECATION NOTICE: This method of specifying gateway server configuration (hosts, tls secrets, autoHttpRedirect, etc.) is deprecated in favor of the example below
+      hosts:
+        - "*.{{ .Values.domain }}"
+      # -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect.
+      ports:
+        - name: tls-1
+          number: 1234
+          protocol:  TCP
+        - name: https
+          number: 4567
           protocol: HTTPS
-        tls:
-          key: ""
-          cert: ""
+      autoHttpRedirect:
+        enabled: true
+      tls:
+        key: ""
+        cert: ""
+    # private:
+    #   ingressGateway: "private-ingressgateway"
+    #   hosts:
+    #   - "example.bigbang.dev"
+    #   ports:
+    #     - name: tls-2
+    #       number: 1234
+    #       protocol: TCP
+    #     - name: tls
+    #       number: 5678
+    #       protocol: TCP
+    #   # -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect.
+    #   autoHttpRedirect:
+    #     enabled: false
+    #   tls:
+    #     key: ""
+    #     cert: ""
+    # passthrough:
+    #   ingressGateway: "passthrough-ingressgateway"
+    #   hosts:
+
+    ####
+    # New server configuration method
+    ####
+    #   servers:
+    #   - hosts:
+    #       - "*.{{ .Values.domain }}"
+    #     # -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect.
+    #     autoHttpRedirect:
+    #       enabled: true
+    #     port:
+    #       name: https
+    #       number: 8443
+    #       protocol: HTTPS
+    #     tls:
+    #       key: ""
+    #       cert: ""
     # private:
     #   ingressGateway: "private-ingressgateway"
     #   servers: